Method for handling IP multicast packets in network switch

ABSTRACT

A method of switching packets in a network switch includes the step of receiving a packet on a source port of a network switch. Thereafter, the method includes the step of determining whether the network switch has sufficient memory capacity to process the data packet; and if memory capacity is sufficient, then the method reads a selected portion of the packet to determine if the packet is to be sent to a mirrored port. If mirroring is determined, then the method sends the data packet to the mirrored port. The method also includes the step of determining whether the packet is to be sent to a remote CPU for further handling, and sending the data packet to the remote CPU if appropriate. The method additionally includes the step of determining whether the packet is a unicast packet, and if so, placing the packet on an internal communication channel within the network switch for appropriate storing and forwarding. If the packet is not a unicast packet, then the method determines if the packet is a multicast packet. If the packet is determined to be a multicast packet, then performing simultaneous lookups and switching using layer 2 lookup tables and addresses, and layer 3 lookup tables and addresses, thereby providing hybrid multicast handling of the packet.

REFERENCE TO RELATED APPLICATIONS

This application claims priority of U.S. Provisional Patent ApplicationSer. No. 60/124,878, filed on Mar. 17, 1999, U.S. Provisional PatentApplication Ser. No. 60/135,603, filed on May 24, 1999, U.S. ProvisionalPatent Application Ser. No. 60/149,706, filed on Aug. 20, 1999, and U.S.patent application Ser. No. 09/527,271, filed Mar. 17, 2000, issued asU.S. Pat. No. 6,707,817. This application is a continuation-in-part(CIP) of U.S. patent application Ser. No. 09/343,409, filed on Jun. 30,1999, issued as U.S. Pat. No. 6,335,932. The subject matter of theseearlier filed applications are hereby incorporated by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention relates to a method and apparatus for high performanceswitching of data packets in local area communications networks such astoken ring, ATM, Ethernet, fast Ethernet, and gigabit Ethernetenvironments, all of which are generally known as LANs. In particular,the invention relates to a new switching architecture in an integrated,modular, single chip solution, which can be implemented on asemiconductor substrate such as a silicon chip.

2. Description of the Related Art

The present invention advances network switching technology in a switchsuitable for use in Ethernet, fast Ethernet, gigabit Ethernet, and othertypes of network environments which require high performance switchingof data packets or data cells. A switch utilizing the disclosedelements, and a system performing the disclosed steps, provides cost andoperational advantages over the prior art.

SUMMARY OF THE INVENTION

The present invention is directed to a switch-on-chip solution for anetwork switch, capable of use at least on ethernet, fast ethernet, andgigabit ethernet systems, wherein all of the switching hardware isdisposed on a single microchip. The present invention is configured tomaximize the ability of packet-forwarding at linespeed, and to alsoprovide a modular configuration wherein a plurality of separate modulesare configured on a common chip, and wherein individual design changesto particular modules do not affect the relationship of that particularmodule to other modules in the system.

The present invention, therefore, is related to a method of switchingpackets in a network switch, wherein the method includes the steps ofreceiving a packet on a source port of a network switch. Thereafter, themethod includes the step of determining whether the network switch hassufficient memory capacity to process the data packet; and if memorycapacity is sufficient, then the method reads a selected portion of thepacket to determine if the packet is to be sent to a mirrored port. Ifmirroring is determined, then the method sends the data packet to themirrored port. The method also includes the step of determining whetherthe packet is to be sent to a remote CPU for further handling, andsending the data packet to the remote CPU if appropriate. The methodadditionally includes the step of determining whether the packet is aunicast packet, and if so, placing the packet on an internalcommunication channel within the network switch for appropriate storingand forwarding. If the packet is not a unicast packet, then the methoddetermines if the packet is a multicast packet. If the packet isdetermined to be a multicast packet, then performing simultaneouslookups and switching using layer 2 lookup tables and addresses, andlayer 3 lookup tables and addresses, thereby providing hybrid multicasthandling of the packet.

BRIEF DESCRIPTION OF THE DRAWINGS

The objects and features of the invention will be more readilyunderstood with reference to the following description and the attacheddrawings, wherein:

FIG. 1 is a general block diagram of elements of a network switch asdiscussed herein;

FIG. 2 is a more detailed block diagram of the network switch;

FIG. 3 illustrates the data flow on the CPS channel of the networkswitch;

FIG. 4A illustrates demand priority round robin arbitration for accessto the C-channel of the network switch;

FIG. 4B illustrates access to the C-channel based upon the round robinarbitration illustrated in FIG. 4A;

FIG. 5 illustrates P-channel message types;

FIG. 6 illustrates a message format for S channel message types;

FIG. 7 is an illustration of the OSI 7 layer reference model;

FIG. 8 illustrates an operational diagram of an EPIC module;

FIG. 9 illustrates the slicing of a data packet on the ingress to anEPIC module;

FIG. 10 is a detailed view of elements of the MMU;

FIG. 11 illustrates the CBM cell format;

FIG. 12 illustrates an internal/external memory admission flow chart;

FIG. 13 illustrates a block diagram of an egress manager 76 illustratedin FIG. 10;

FIG. 14 illustrates more details of an EPIC module;

FIG. 15 is a block diagram of a fast filtering processor (FFP);

FIG. 16 is a block diagram of the elements of CMIC 40;

FIG. 17 illustrates a series of steps which are used to program an FFP;

FIG. 18 is a flow chart illustrating the aging process for ARL (L2) andL3 tables;

FIG. 19 illustrates communication using a trunk group according to thepresent invention;

FIG. 20 is a table listing numerous fields for various packet types;

FIGS. 21A and 21B illustrate a filter mask format and a field maskformat, respectively;

FIG. 22 is a flow chart which illustrates the formation and applicationof a filter mask;

FIG. 23 illustrates an example of a format for a rules table;

FIG. 24 illustrates a format for an IP multicast table;

FIG. 25 is a flow chart illustrating handling of an IP multicast packet;

FIG. 26 illustrates an embodiment of stacked SOC switches 10;

FIGS. 27A and 27B illustrate alternate embodiments of stacked SOC 10configurations;

FIG. 28 is a detailed view of the functional modules of IPIC 90;

FIG. 29 illustrates packet handling for packets coming in to the highperformance interface of IPIC 90;

FIG. 30 is a diffserv-to-COS mapping table;

FIG. 31 illustrates the configuration of the offsets;

FIG. 32 is a primary flowchart for the filtering/metering logic;

FIG. 33 is a flowchart of the partial match logic;

FIG. 34 is a flowchart of the in-profile action logic;

FIG. 35 is a flowchart of the partial match action logic for bits 3-6;

FIG. 36 is a flowchart of the partial match action logic for bits 1, 0,and 10;

FIG. 37 is a flowchart of the in-profile action logic for bits 2, 8, and9;

FIG. 38 illustrates a first configuration of an address table and asearch engine;

FIG. 39 illustrates a second configuration of two address tables and twosearch engines;

FIG. 40 a illustrates a first example of address entries stored in an asingle address table;

FIG. 40 b illustrates a second example of address entries stored in twoseparate sorted address tables;

FIG. 41 a illustrates a third example of address entries stored in asingle address table;

FIG. 41 b illustrates a fourth example of address entries stored in twoseparate sorted address tables;

FIG. 42 is a flowchart of the in-profile action logic for bits 11-13;

FIG. 43 is a flowchart of the mirrored port/final FFP actions;

FIG. 44 is a flowchart of the out-profile action logic;

FIG. 45 is a flowchart of the data flow of an incoming packet;

FIG. 46 is a flowchart of the differentiated services logic; and

FIG. 47 is a flowchart expanding step 46-4.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

As computer performance has increased in recent years, the demands oncomputer networks has significantly increased; faster computerprocessors and higher memory capabilities need networks with highbandwidth capabilities to enable high speed transfer of significantamounts of data. The well-known Ethernet technology, which is based uponnumerous IEEE Ethernet standards, is one example of computer networkingtechnology which has been able to be modified and improved to remain aviable computing technology. A more complete discussion of networkingsystems can be found, for example, in SWITCHED AND FAST Ethernet, byBreyer and Riley (Ziff-Davis, 1996), and numerous IEEE publicationsrelating to IEEE 802 standards. Based upon the Open Systems Interconnect(OSI) 7-layer reference model, network capabilities have grown throughthe development of repeaters, bridges, routers, and, more recently,“switches”, which operate with various types of communication media.Thickwire, thinwire, twisted pair, and optical fiber are examples ofmedia which has been used for computer networks. Switches, as theyrelate to computer networking and to Ethernet, are hardware-baseddevices which control the flow of data packets or cells based upondestination address information which is available in each packet. Aproperly designed and implemented switch should be capable of receivinga packet and switching the packet to an appropriate output port at whatis referred to wirespeed or linespeed, which is the maximum speedcapability of the particular network. Basic Ethernet wirespeed is up to10 megabits per second, and Fast Ethernet is up to 100 megabits persecond. Gigabit Ethernet is capable of transmitting data over a networkat a rate of up to 1,000 megabits per second. As speed has increased,design constraints and design requirements have become more and morecomplex with respect to following appropriate design and protocol rulesand providing a low cost, commercially viable solution. For example,high speed switching requires high speed memory to provide appropriatebuffering of packet data; conventional Dynamic Random Access Memory(DRAM) is relatively slow, and requires hardware-driven refresh. Thespeed of DRAMs, therefore, as buffer memory in network switching,results in valuable time being lost, and it becomes almost impossible tooperate the switch or the network at linespeed. Furthermore, externalCPU involvement should be avoided, since CPU involvement also makes italmost impossible to operate the switch at linespeed. Additionally, asnetwork switches have become more and more complicated with respect torequiring rules tables and memory control, a complex multi-chip solutionis necessary which requires logic circuitry, sometimes referred to asglue logic circuitry, to enable the various chips to communicate witheach other. Additionally, cost/benefit tradeoffs are necessary withrespect to expensive but fast SRAMs versus inexpensive but slow DRAMs.Additionally, DRAMs, by virtue of their dynamic nature, requirerefreshing of the memory contents in order to prevent losses thereof.SRAMs do not suffer from the refresh requirement, and have reducedoperational overhead which compared to DRAMs such as elimination of pagemisses, etc. Although DRAMs have adequate speed when accessing locationson the same page, speed is reduced when other pages must be accessed.

Referring to the OSI 7-layer reference model discussed previously, andillustrated in FIG. 7, the higher layers typically have moreinformation. Various types of products are available for performingswitching-related functions at various levels of the OSI model. Hubs orrepeaters operate at layer one, and essentially copy and “broadcast”incoming data to a plurality of spokes of the hub. Layer twoswitching-related devices are typically referred to as multiportbridges, and are capable of bridging two separate networks. Bridges canbuild a table of forwarding rules based upon which MAC (media accesscontroller) addresses exist on which ports of the bridge, and passpackets which are destined for an address which is located on anopposite side of the bridge. Bridges typically utilize what is known asthe “spanning tree” algorithm to eliminate potential data loops; a dataloop is a situation wherein a packet endlessly loops in a networklooking for a particular address. The spanning tree algorithm defines aprotocol for preventing data loops. Layer three switches, sometimesreferred to as routers, can forward packets based upon the destinationnetwork address. Layer three switches are capable of learning addressesand maintaining tables thereof which correspond to port mappings.Processing speed for layer three switches can be improved by utilizingspecialized high performance hardware, and off-loading the host CPU sothat instruction decisions do not delay packet forwarding.

FIG. 1 illustrates a configuration wherein a switch-on-chip (SOC) 10, inaccordance with the present invention, is functionally connected toexternal devices 11, external memory 12, fast Ethernet ports 13, andgigabit Ethernet ports 15. For the purposes of this embodiment, fastEthernet ports 13 will be considered low speed Ethernet ports, sincethey are capable of operating at speeds ranging from 10 Mbps to 100Mbps, while the gigabit Ethernet ports 15, which are high speed Ethernetports, are capable of operating at 1000 Mbps. External devices 11 couldinclude other switching devices for expanding switching capabilities, orother devices as may be required by a particular application. Externalmemory 12 is additional off-chip memory, which is in addition tointernal memory which is located on SOC 10, as will be discussed below.CPU 52 can be used as necessary to program SOC 10 with rules which areappropriate to control packet processing. However, once SOC 10 isappropriately programmed or configured, SOC 10 operates, as much aspossible, in a free running manner without communicating with CPU 52.Because CPU 52 does not control every aspect of the operation of SOC 10,CPU 52 performance requirements, at least with respect to SOC 10, arefairly low. A less powerful and therefore less expensive CPU 52 cantherefore be used when compared to known network switches. As also willbe discussed below, SOC 10 utilizes external memory 12 in an efficientmanner so that the cost and performance requirements of memory 12 can bereduced. Internal memory on SOC 10, as will be discussed below, is alsoconfigured to maximize switching throughput and minimize costs.

It should be noted that any number of fast Ethernet ports 13 and gigabitEthernet ports 15 can be provided. In one embodiment, a maximum of 24fast Ethernet ports 13 and 2 gigabit ports 15 can be provided.Similarly, additional interconnect links to additional external devices11, external memory 12, and CPUs 52 may be provided as necessary.

FIG. 1 also illustrates that SOC 10 includes various internal modularcomponents, such as at least one Ethernet port interface controller(EPIC) 20, a plurality of which will be referred to as 20 a, 20 b, . . .20 x, a plurality of gigabit port interface controllers (GPIC) 30,referred to herein as 30 a, 30 b, . . . 30 x, an internet port interfacecontroller (IPIC) 90, a common buffer pool (CBP) 50, a memory managementunit (MMU) 70, and a CPU management interface controller (CMIC) 40. CPSchannel 80 runs through SOC 10, and enables communication between themodular elements of SOC 10.

FIG. 2 illustrates a more detailed block diagram of the functionalelements of SOC 10. As evident from FIG. 2 and as noted above, SOC 10includes a plurality of modular systems on-chip, with each modularsystem, although being on the same chip, being functionally separatefrom the other modular systems. Therefore, each module can efficientlyoperate in parallel with other modules, and this configuration enables asignificant amount of freedom in updating and re-engineering SOC 10.

SOC 10 includes a plurality of Ethernet Port Interface Controllers 20 a,20 b, 20 c, etc., a plurality of Gigabit Port Interface Controllers 30a, 30 b, etc., a CPU Management Interface Controller 40, a Common BufferMemory Pool 50, a Memory Management Unit 70, including a Common BufferManager (CBM) 71, and a system-wide bus structure referred to as CPSchannel 80. The MMU 70 communicates with external memory 12, whichincludes an external Global Buffer Memory Pool (GBP) 60. The CPS channel80 comprises C channel 81, P channel 82, and S channel 83. The CPSchannel is also referred to as the Cell Protocol Sideband Channel, andis a 17 Gbps channel which glues or interconnects the various modulestogether. As also illustrated in FIG. 2, also included is internet portinterface controller (IPIC) 90, which includes a plurality of tables 91,and network buffer pool (NBP) 92 thereupon. Also, included in IPIC 90,and discussed later, are a plurality of components associated withenabling IPIC 90 to communicate with other switches, or other componentsthrough a high performance interface. IPIC 90 enables high efficiencystacking configurations to be created.

As will be discussed below, each EPIC 20 a, 20 b, and 20 c, generallyreferred to as EPIC 20, and GPIC 30 a and 30 b, generally referred to asGPIC 30, are closely interrelated with appropriate address resolutionlogic and layer three switching tables 21 a, 21 b, 21 c, 31 a, 31 b,rules tables 22 a, 22 b, 22 c, 31 a, 31 b, and VLAN tables 23 a, 23 b,23 c, 31 a, 31 b. These tables will be generally referred to as 21, 31,22, 32, 23, 33, respectively. These tables, like other tables on SOC 10,are implemented in silicon as x by y two-dimensional arrays, whereineach array has (x·y) memory storage locations therein.

In one embodiment of the subject invention, each EPIC 20 supports 8 fastEthernet ports 13, and switches packets to and/or from these ports asmay be appropriate. The ports, therefore, are connected to the networkmedium (coaxial, twisted pair, fiber, etc.) using known media connectiontechnology, and communicates with the CPS channel 80 on the other sidethereof. The interface of each EPIC 20 to the network medium can beprovided through a Reduced Media Internal Interface (RMII), whichenables the direct medium connection to SOC 10. As is known in the art,auto-negotiation is an aspect of fast Ethernet, wherein the network iscapable of negotiating a highest communication speed between a sourceand a destination based on the capabilities of the respective devices.The communication speed can vary, as noted previously, between 10 Mbpsand 100 Mbps; auto-negotiation capability, therefore, is built directlyinto each EPIC module. The address resolution logic (ARL) and layerthree tables (ARL/L3) 21 a, 21 b, 21 c, rules table 22 a, 22 b, 22 c,and VLAN tables 23 a, 23 b, and 23 c are configured to be part of orinterface with the associated EPIC in an efficient and expedient manner,also to support wirespeed packet flow.

Each EPIC 20 has separate ingress and egress functions. On the ingressside, self-initiated and CPU-initiated learning of level 2 addressinformation can occur. Address resolution logic (ARL) is utilized toassist in this task. Address aging is built in as a feature, in order toeliminate the storage of address information which is no longer valid oruseful. EPIC 20 also carries out layer 2 mirroring. A fast filteringprocessor (FFP) 141 (see FIG. 14) is incorporated into each EPIC andGPIC, in order to accelerate packet forwarding and enhance packet flow.The ingress side of each EPIC and GPIC, illustrated in FIG. 8 as ingresssubmodule 14, has a significant amount of complexity to be able toproperly process a significant number of different types of packetswhich may come in to the port, for linespeed buffering and thenappropriate transfer to the egress. Functionally, each port on eachmodule of SOC 10 has a separate ingress submodule 14 associatedtherewith. From an implementation perspective, however, in order tominimize the amount of hardware implemented on the single-chip SOC 10,common hardware elements in the silicon will be used to implement aplurality of ingress submodules on each particular module. Theconfiguration of SOC 10 discussed herein enables concurrent lookups andfiltering, and therefore, allows for processing of up to 6.6 millionpackets per second. Layer two lookups, layer three lookups, andfiltering occur simultaneously to achieve this level of performance. Onthe egress side, the EPIC is capable of supporting packet polling basedeither as an egress management or class of service (COS) function.Rerouting/scheduling of packets to be transmitted can occur, as well ashead-of-line (HOL) blocking notification, packet aging, cell reassembly,and other functions associated with Ethernet port interface.

Each GPIC 30 is similar to each EPIC 20, but supports only one gigabitEthernet port, and utilizes a port-specific ARL table, rather thanutilizing an ARL table which is shared with any other ports.Additionally, instead of an RMII, each GPIC port interfaces to thenetwork medium utilizing a gigabit media independent interface (GMII).

CMIC 40 acts as a gateway between the SOC 10 and the host CPU. Thecommunication can be, for example, along a PCI bus, or other acceptablecommunications bus. CMIC 40 can provide sequential direct mappedaccesses between the host CPU 52 and the SOC 10. CPU 52, through theCMIC 40, will be able to access numerous resources on SOC 10, includingMIB counters, programmable registers, status and control registers,configuration registers, ARL tables, port-based VLAN tables, IEEE 802.1qVLAN tables, layer three tables, rules tables, CBP address and datamemory, as well as GBP address and data memory. Optionally, the CMIC 40can include DMA support, DMA chaining and scatter-gather, as well asmaster and target PCI64.

Common buffer memory pool or CBP 50 can be considered to be the on-chipdata memory. In one embodiment, CBP 50 is first level high speed SRAMtype memory, to maximize performance and minimize hardware overheadrequirements. CBP 50 can have a size of, for example, 720 kilobytesrunning at 132 MHZ. Packets stored in the CBP 50 are typically stored asa series of linked cells, rather than packets. The packets are storedand moved within SOC 10 as cells, and reassembled as packets beforebeing sent out on appropriate egress ports. As illustrated in thefigure, MMU 70 also contains the Common Buffer Manager (CBM) 71 thereon.CBM 71 handles queue management, and is responsible for assigning cellpointers to incoming cells, as well as assigning common packet IDs(CPIDs) once the packet is fully written into the CBP. CBM 71 can alsohandle management of the on-chip free address pointer pool, controlactual data transfers to and from the data pool, and provide memorybudget management.

Global memory buffer pool or GBP 60 acts as a second level memory, andcan be located on-chip or off chip. In one embodiment, GBP 60 is locatedoff chip with respect to SOC 10. When located off-chip, GBP 60 isconsidered to be a part of or all of external memory 12. As a secondlevel memory, the GBP does not need to be expensive high speed SRAMs,and can be a slower less expensive memory, such as DRAM. The GBP istightly coupled to the MMU 70, and operates like the CBP in that packetsare stored as cells. For broadcast and multicast messages, only one copyof the packet is stored in GBP 60.

As shown in the figures, MMU 70 is located between GBP 60 and CPSchannel 80, and acts as an external memory interface. In order tooptimize memory utilization, MMU 70 includes multiple read and writebuffers, and supports numerous functions including global queuemanagement, which broadly includes assignment of cell pointers forrerouted incoming packets, maintenance of the global FAP, time-optimizedcell management, global memory budget management, GPID assignment andegress manager notification, write buffer management, read prefetchesbased upon egress manager/class of service requests, and smart memorycontrol.

As shown in FIG. 2, the CPS channel 80 is actually three separatechannels, referred to as the C-channel, the P-channel, and theS-channel. The C-channel is 128 bits wide, and runs at 132 MHZ. Packettransfers between ports occur on the C-channel. Since this channel isused solely for data transfer, there is no overhead associated with itsuse. The P-channel or protocol channel is synchronous or locked with theC-channel. During cell transfers, the message header is sent via theP-channel by the MMU. The P-channel is 64 bits wide, and runs at 132MHZ.

The S or sideband channel runs at 132 MHZ, and is 32 bits wide. TheS-channel is used for functions such as for conveying Port Link Status,receive port full, port statistics, ARL table synchronization, memoryand register access to CPU and other CPU management functions, andglobal memory full and common memory full notification.

A proper understanding of the operation of SOC 10 requires a properunderstanding of the operation of CPS channel 80. Referring to FIG. 3,it can be seen that in SOC 10, on the ingress, packets coming in to anEPIC or GPIC are sliced by the EPIC 20 or GPIC 30 into 64-byte cells.The use of cells on-chip instead of packets makes it easier to adapt theSOC to work with cell based protocols such as, for example, AsynchronousTransfer Mode (ATM). Presently, however, ATM utilizes cells which are 53bytes long, with 48 bytes for payload and 5 bytes for header. In theSOC, incoming packets are sliced into cells which are 64 bytes long asdiscussed above, and the cells are further divided into four separate 16byte cell blocks Cn0 . . . Cn3. Locked with the C-channel is theP-channel, which locks the opcode in synchronization with Cn0. A portbit map is inserted into the P-channel during the phase Cn1. Theuntagged bit map is inserted into the P-channel during phase Cn2, and atime stamp is placed on the P-channel in Cn3. Independent fromoccurrences on the C and P-channel, the S-channel is used as a sideband,and is therefore decoupled from activities on the C and P-channel.

IPIC 90 communicates with CPS channel 80 and functions essentially likea port. Packets coming into the IPIC from the outside of SOC 10 wouldeither be coming from another IPIC module on another SOC 10, or fromother links through a high performance interface. The IPIC, therefore,is distinguishable from an EPIC module 20, since each EPIC willtypically have a plurality of ports, while the IPIC has a single port.As will be discussed in more detail, the IPIC includes an internalmemory buffer called the network buffer pool or NBP, and which isillustrated in FIGS. 1 and 2 as NBP 92. IPIC 90 also includes aplurality of tables 91 for packet handling, such as a VLAN Table 802.1q,trunking tables, etc. IPIC 90 does not have ARL tables, since thedestination port number will be available in the module header. Packetswhich come in to SOC 10 through either an EPIC 20 or a GPIC 30, whichare destined for IPIC 90, are not stored in the CBP or GBP, but insteadare routed to and stored in NBP 92 within IPIC 90 itself.

Cell or C-Channel

Arbitration for the CPS channel occurs out of band. Every module (EPIC,GPIC, IPIC, etc.) monitors the channel, and matching destination portsrespond to appropriate transactions. C-channel arbitration is a demandpriority round robin arbitration mechanism. If no requests are active,however, the default module, which can be selected during theconfiguration of SOC 10, can park on the channel and have completeaccess thereto. If all requests are active, the configuration of SOC 10is such that the MMU is granted access every other cell cycle, and EPICs20, GPICs 30, and IPIC 90 share equal access to the C-channel on a roundrobin basis. FIGS. 4A and 4B illustrate a C-channel arbitrationmechanism wherein section A is the MMU, and section B consists of twoGPICs, three EPICs, and one IPIC. The sections alternate access, andsince the MMU is the only module in section A, it gains access everyother cycle. The modules in section B, as noted previously, obtainaccess on a round robin basis.

The C channel 81 arbitration scheme, as discussed previously and asillustrated in FIGS. 4A and 4B, is Demand Priority Round-Robin. Each I/Omodule, EPIC 20, GPIC 30, CMIC 40, and IPIC 90, along with the MMU 70,can initiate a request for C channel access. If no requests exist at anyone given time, the default module established with a high priority getscomplete access to the C channel 81. If any one single I/O module or theMMU 70 requests C channel 81 access, that single module gains access tothe C channel 81 on-demand.

If EPIC modules 20 a, 20 b, 20 c, and GPIC modules 30 a and 30 b, IPIC90, and CMIC 40 simultaneously request C channel access, then access isgranted in round-robin fashion. For a given arbitration time period eachof the I/O modules would be provided access to the C channel 81. Forexample, each GPIC module 30 a and 30 b would be granted access,followed by the EPIC modules, and finally the CMIC 40. After everyarbitration time period the next I/O module with a valid request wouldbe given access to the C channel 81. This pattern would continue as longas each of the I/O modules provide an active C channel 81 accessrequest.

Protocol or P-Channel

Referring once again to the protocol or P-channel, a plurality ofmessages can be placed on the P-channel in order to properly direct flowof data flowing on the C-channel. Since P-channel 82 is 64 bits wide,and a message typically requires 128 bits, two smaller 64 bit messagesare put together in order to form a complete P-channel message. Thefollowing list identifies the fields and function and the various bitcounts of the 128 bit message on the P-channel.

-   -   IP/IPX Bits—2 bits long—IP/IPX Bits—contains information on        Packet Type. Value 0—is L2 switched. Packet. Value 1—The packet        is IP Switched Packet. Value 2—The packet is IPX Switched        Packet. Value 3—The packet is IP Multicast Packet.    -   Next Cell—2 bits long—Next Cell has this unique requirement to        satisfy Cell header: Value 01—If the valid bytes in this cell        between 1 to 16. Value 02—If the valid bytes in this cell are        between 17 to 32. Value 03—If the valid bytes in this cell are        between 33 m to 48. Value 00—If the valid bytes in this cell are        between 49 to 64. For the First cell all four cycles are valid.    -   Src Dest Port—6 bits long—The Port Number which sends the        Message or receive the message. The interpretation of Source or        Destination depends on Opcode.    -   Cos—3 bits long—COS—Class of Service for this packet.    -   J Bit—1 bit long—J bit in the message identifies that the Packet        is a Jumbo Packet.    -   S Bit—1 bit long—S bit is used to identify that this is the        first cell of the Packet. When S bit is set all four cycles are        valid.    -   E Bit—1 bit long—E Bit is used to identify that this is the last        cell of the Packet. If E bit is set then the length field        contains the number of valid bytes in the transfer.    -   CRC Bits—2 bits long—Value 0x01—is Append CRC Bit. If it is set        then the egress Port should append the CRC to the packet. Value        0x02—is Regenerate CRC Bit. If this bit is set then the egress        Port should regenerate CRC. Value 0x00—no change in CRC. Value        0x03—unused.    -   P Bit—1 bit long—If this bit is set then MMU should Purge the        entire Packet.    -   Len—7 bits long—The Len Bits is used to identify the valid        number of bytes in this transfer. This field is valid for every        cell.    -   O Bits—2 bits long—Optimization Bits are provided for CPU so        that it can process the packet more efficiently. Value 0—Not        Used. Value 1—is set when the packet is send to the CPU as a        result of C Bit set in the Default Router Table. Value 2—Frame        Type Mismatch—If this bit is set then IPX Frame Packet Type does        not match the Packet Type in the IPX L3 Table. Value 3—Reserved.    -   Bc/Mc Bitmap—31 bits long—Broadcast and Multicast Bitmap. This        field identifies all the egress ports, the packet should be sent        to.    -   UnTagged Bits/Source Port (bit 0 . . . 5)—3⅕ bits long—If the        opcode is 0x02, that is, the packet is being transferred from        Port to MMU then this field is interpreted as Untagged Bitmap.        But if the opcode is 0x01, that is, the packet is being        transferred from MMU to Egress Port then the last 6 bits of this        field is interpreted as Source Port field.    -   Untagged Bits—This bits identifies all the egress ports which is        suppose to Strip the Tag Header. Source Port (bit 0 . . . 5)—The        Source Port Number i.e. the port number on which this packet has        entered the switch.    -   U Bit—1 bit long—U Bit—This field has meaning only if the opcode        is 0x01, that is, the packet is being transferred from MMU to        Egress. If this bit is set then the packet should go out of the        port as Untagged, that is, MAC has to do the Tag stripping.    -   Time Stamp—14 bits long—Time Stamp is a 14 bit running counter,        which the system puts in this field when the packet arrives.        Time Stamp is implemented with the granularity of 1 usec.    -   Vlan Id—12 bits long—Vlan Identifier. Note: In Orion-SA all the        packets on the CP Channel are transmitted as Tagged Packet. i.e.        the VLAN Id is sent along with the packet where as in Orion-SM        VLAN Id is passed on the Pchannel. That means any packet        (untagged or tagged) will go as is on Cell Channel.    -   Matched Filter—4 bits long—Matched Filter Rules—This field        identifies the matched Filter if the packet has to go to CPU as        a result of Filter match. This field is valid only if bit 0 of        CPU Opcodes is set. If the MSB (bit 4) is 0 then it is Filter        set 1, but is the MSB (bit 4) is 1 then it is Filter set 2.    -   CPU Opcodes—18 bits long—CPU Opcodes: We have provided these        bits for efficient processing of the packet by the CPU. These        bits are set if the packet is sent to the CPU for various        reasons. The following Opcodes are defined: Bit 0—Filter Match        Bit—This bit is set as a result of Filter match and one of the        Action of the filter is to send the Packet to CPU. Bit 1—This        bit is set if the 1) CPU Learn bit is set in the Port Based VLAN        Table and the Source Mac Address is learnt in the ARL Table,        or 2) CM Bit is set in the PVLAN table and it's a SLF or 3) the        incoming VLAN Id is not found in 802.1Q VLAN Table. Bit 2—This        bit is set if the Source Routing Bit is bit 40 of the Source Mac        Address. Bit 3—This bit is set if 1) it's a Destination lookup        failure or 2) there is L3 station Movement. Bit 4—Control Frame        Bit—This bit is set if the Packet is a BPDU, GVRP, GMRP or one        of the Reserved addresses. Bit 5—IP Packet Bit—This bit is set        if the Packet needs to be IP switched. Bit 6—IPX Packet Bit—This        bit is set if the Packet needs to be IPX switched. Bit 7—IP        Options Present Bit—This bit is set if IP options are present.        Bit 8—This bit is set if the Packet is Class D IP Multicast        Packet. Bit 9—This bit is set if TTL is zero or less after        decrement. Bit 10—Broadcast Bit—If this bit is set then the        Packet is a Broadcast Packet. Bit 11—Multicast Packet—This bit        is set if the Packet is a Multicast Packet.    -   New IP Checksum—16 bits long—New IP Checksum—This field is used        only for Layer 3 Switched—IP Multicast Packets. This field        contains the new IP checksum calculated by Ingress after        decrementing the TTL field.    -   L3 Port Bitmap—31 bits long—L3 Port Bitmap—identifies all the L3        switched ports for IP Multicast Packet.        Module Specific Fields    -   C Bit—1 bit long—Control Bit—The Control Bit identifies whether        this is a Control frame or a data frame. This bit is set to 1        for Control Frame and is set to 0 for data frame.    -   Mod Opcodes—3 bits long—Mod Opcodes—are used to identify the        Packet Type. Value 00—identifies that the packet is a unicast        Packet and the Egress Port is uniquely identified by Module Id        Bitmap (only one bit will be set in this field) and the Egress        Port Number. Value 01—identifies that the Packet is a Broadcast        or Destination Lookup Failure (DLF) and is destined to Multiple        Ports on the same Module or multiple ports on different Modules.        The Egress port is not a valid field in this scenario. Value        02—identifies that the packet is a multicast packet and is        addressed to multiple ports. Value 03—identifies that the Packet        is a IP Multicast Packet and is addressed to Multiple Ports.    -   TGID—3 bits long—TGID Bits—TGID identifies the Trunk Group        Identifier of the Source Port. This field is valid only if T bit        is set.    -   T—1 bit long—T Bit—If this bit is set then TGID is a valid        field.    -   MT Module Id—5 bits long—MT Module Id is “Mirrored-To” Module        Id. This field is used to send the packet to a “mirrored-to”        port, which is located on a remote Module. This field is valid        only if M bit is set.    -   M Bit—1 bit long—M Bit—If this bit is set then MT Module Id is a        valid field.    -   Remote Port—6 bits long—Remote Port is the Port Number on the        remote module, which is suppose to receive this packet.    -   Src Port—6 bits long—Source Port is the Source Port of the        Packet.    -   PFM Bits—2 bits long—PFM Bits is the Port Filtering Mode of the        Source Port. This bits are valid only for Multicast Packet.    -   Mod Id Bitmap—32 bits long—The Bitmap of all the modules that        should get this Packet.

The opcode field of the P-channel message defines the type of messagecurrently being sent. While the opcode is currently shown as having awidth of 2 bits, the opcode field can be widened as desired to accountfor new types of messages as may be defined in the future. Graphically,however, the P-channel message type defined above is shown in FIG. 5.

An early termination message is used to indicate to CBM 71 that thecurrent packet is to be terminated. During operation, as discussed inmore detail below, the status bit (S) field in the message is set toindicate the desire to purge the current packet from memory. Also inresponse to the status bit all applicable egress ports would purge thecurrent packet prior to transmission.

The Src Dest Port fiend of the P-channel message, as stated above,define the destination and source port addresses, respectively. Eachfield is 6 bits wide and therefore allows for the addressing ofsixty-four ports.

The CRC field of the message is two bits wide and defines CRC actions.Bit 0 of the field provides an indication whether the associated egressport should append a CRC to the current packet. An egress port wouldappend a CRC to the current packet when bit 0 of the CRC field is set toa logical one. Bit 1 of the CRC field provides an indication whether theassociated egress port should regenerate a CRC for the current packet.An egress port would regenerate a CRC when bit 1 of the CRC field is setto a logical one. The CRC field is only valid for the last celltransmitted as defined by the E bit field of P-channel message set to alogical one.

As with the CRC field, the status bit field (st), the Len field, and theCell Count field of the message are only valid for the last cell of apacket being transmitted as defined by the E bit field of the message.

Because SOC 10 is configured for efficient stacking configurations, 32bits are provided on protocol channel messages for a module ID bitmap,which is a bitmap of all of the modules of a stack which should get thepacket. Because of the importance of the module ID in SOC 10, the moduleID and the port number (determinable from the remote port field), areimportant for proper packet flow in a stack.

The time stamp field of the message has a resolution of 1 μs and isvalid only for the first cell of the packet defined by the S bit fieldof the message. A cell is defined as the first cell of a received packetwhen the S bit field of the message is set to a logical one value.

As is described in more detail below, the C channel 81 and the P channel82 are synchronously tied together such that data on C channel 81 istransmitted over the CPS channel 80 while a corresponding P channelmessage is simultaneously transmitted.

S-Channel or Sideband Channel

The S channel 83 is a 32-bit wide channel which provides a separatecommunication path within the SOC 10. The S channel 83 is used formanagement by CPU 52, SOC 10 internal flow control, and SOC 10inter-module messaging. The S channel 83 is a sideband channel of theCPS channel 80, and is electrically and physically isolated from the Cchannel 81 and the P channel 82. It is important to note that since theS channel is separate and distinct from the C channel 81 and the Pchannel 82, operation of the S channel 83 can continue withoutperformance degradation related to the C channel 81 and P channel 82operation. Conversely, since the C channel is not used for thetransmission of system messages, but rather only data, there is nooverhead associated with the C channel 81 and, thus, the C channel 81 isable to free-run as needed to handle incoming and outgoing packetinformation.

The S channel 83 of CPS channel 80 provides a system wide communicationpath for transmitting system messages, for example, providing the CPU 52with access to the control structure of the SOC 10. System messagesinclude port status information, including port link status, receiveport full, and port statistics, ARL table synchronization, CPU 52 accessto GBP 60 and CBP 50 memory buffers and SOC 10 control registers, andmemory full notification corresponding to GBP 60 and/or CBP 50.

FIG. 6 illustrates a message format for an S channel message on Schannel 83. The message is formed of four 32-bit words; the bits of thefields of the words are defined as follows:

-   -   Opcode—6 bits long—Identifies the type of message present on the        S channel;    -   Dest Port—6 bits long—Defines the port number to which the        current S channel message is addressed;    -   Src Port—6 bits long—Defines the port number of which the        current S channel message originated;    -   COS—3 bits long—Defines the class of service associated with the        current S channel message; and    -   C bit—1 bit long—Logically defines whether the current S channel        message is intended for the CPU 52.    -   Error Code—2 bits long—Defines a valid error when the E bit is        set;    -   DataLen—7 bits long—Defines the total number of data bytes in        the Data field;    -   E bit—1 bit long—Logically indicates whether an error has        occurred in the execution of the current command as defined by        opcode;    -   Address—32 bits long—Defines the memory address associated with        the current command as defined in opcode;    -   Data—0-127 bits long—Contains the data associated with the        current opcode.

With the configuration of CPS channel 80 as explained above, thedecoupling of the S channel from the C channel and the P channel is suchthat the bandwidth on the C channel can be preserved for cell transfer,and that overloading of the C channel does not affect communications onthe sideband channel.

SOC Operation

The configuration of the SOC 10 supports fast Ethernet ports, gigabitports, and extendible interconnect links as discussed above. The SOCconfiguration can also be stacked as noted previously, thereby enablingsignificant port expansion capability. Once data packets have beenreceived by SOC 10, sliced into cells, and placed on CPS channel 80,stacked SOC modules can interface with the CPS channel, monitor thechannel, and extract appropriate information as necessary. As will bediscussed below, a significant amount of concurrent lookups andfiltering occurs as the packet comes into ingress submodule 14 of anEPIC 20 or GPIC 30, with respect to layer two and layer three lookups,and fast filtering.

Now referring to FIGS. 8 and 9, the handling of a data packet isdescribed. For explanation purposes, Ethernet data to be received willconsider to arrive at one of the ports 24 a of EPIC 20 a. It will bepresumed that the packet is intended to be transmitted to a user on oneof ports 24 c of EPIC 20 c. All EPICs 20 (20 a, 20 b, 20 c, etc.) havesimilar features and functions, and each individually operate based onpacket flow.

An input data packet 112 is applied to the port 24 a is shown. The datapacket 112 is, in this example, defined per the current standards for10/100 Mbps Ethernet transmission and may have any length or structureas defined by that standard. This discussion will assume the length ofthe data packet 112 to be 1024 bits or 128 bytes.

It should be noted that each EPIC 20 and each GPIC 30 has an ingresssubmodule 14 and egress submodule 16, which provide port specificingress and egress functions. All incoming packet processing occurs iningress submodule 14, and features such as the fast filtering processor,layer two (L2) and layer three (L3) lookups, layer two learning, bothself-initiated and CPU 52 initiated, layer two table management, layertwo switching, packet slicing, offset application, and channeldispatching occurs in ingress submodule 14. After lookups, fast filterprocessing, and slicing into cells, as noted above and as will bediscussed below, the packet is placed from ingress submodule 14 intodispatch unit 18, and then placed onto CPS channel 80 and memorymanagement is handled by MMU 70. A number of ingress buffers areprovided in dispatch unit 18 to ensure proper handling of thepackets/cells. Once the cells or cellularized packets are placed ontothe CPS channel 80, the ingress submodule is finished with the packet.The ingress is not involved with dynamic memory allocation, or thespecific path the cells will take toward the destination. Egresssubmodule 16, illustrated in FIG. 8 as submodule 16 a of EPIC 20 a,monitors CPS channel 80 and continuously looks for cells destined for aport of that particular EPIC 20. When the MMU 70 receives a signal thatan egress associated with a destination of a packet in memory is readyto receive cells, MMU 70 pulls the cells associated with the packet outof memory, as will be discussed below, and places the cells on CPSchannel 80 destined for the appropriate egress submodule. A FIFO in theegress submodule 16 continuously sends a signal onto the CPS channel 80that it is ready to receive packets, when there is room in the FIFO forpackets or cells to be received. As noted previously, the CPS channel 80is configured to handle cells, but cells of a particular packet arealways handled together to avoid corrupting or misordering of packets.

In one embodiment of the subject invention, when data packet 112 isreceived by EPIC module 20 a, ingress sub-module 14 a within EPIC 20 a,as an ingress function, determines the destination of the packet 112.Specifically, the first 64 bytes of data packet 112 constituting headerinformation are buffered by the ingress sub-module 14 a and compared todata stored in the ARL/L3 tables 21 a to determine the destination port24 c of the data packet 112. Also as an ingress function, the ingresssub-module 14 a slices the data packet 112 into an appropriate number of64-byte cells. In this case, the exemplary 128 byte packet is sliced intwo 64 byte cells 112 a and 112 b. Although the exemplary data packet112 shown in this example is exactly two 64-byte cells 112 a and 112 b,an actual incoming data packet may, and often times does include anynumber of cells, wherein at least one of these cells isl of a lengthless than 64 bytes. In these situations, padding bytes are added to theincomplete cell to fill the entire 64 bytes of the cell. In such casesthe ingress sub-module 14 a disregards the padding bytes within the celland processes the packet as any other. Further discussions of packethandling will refer to packet 112 and/or cells 112 a and 112 b. Atypical cell format is shown in FIG. 11.

In order to overcome data flow degradation problems associated withoverhead usage of the C channel 81, all L2 learning and L2 tablemanagement is achieved through the use of the S channel 83. L2self-initiated learning is achieved by deciphering the source address ofa user at a given ingress port 24 utilizing the packet's associatedaddress. Once the identity of the user at the ingress port 24 isdetermined, the ARL/L3 tables 21 a are updated to reflect the useridentification. The ARL/L3 tables 21 of each other EPIC 20 and GPIC 30are updated to reflect the newly acquired user identification in asynchronizing step, as will be discussed below. As a result, while theingress of EPIC 20 a may determine that a given user is at a given port24 a, the egress of EPIC 20 b, whose table 21 b has been updated withthe user's identification at port 24 a, can then provide information tothe user at port 24 a without re-learning which port the user wasconnected, which increases the ARL lookup efficiency of SOC 10.

Table management may also be achieved through the use of CPU 52. CPU 52,via the CMIC 40, can provide the SOC 10 with software functions thatresult in the designation of the identification of a user at a givenport 24. However, as discussed above, it is undesirable for the CPU 52to continually access the packet information in its entirety, as thiswould lead to performance degradation. Rather, the SOC 10 is generallyprogrammed by the CPU 52 with identification information concerning theuser. Thereafter, SOC 10 can maintain real-time data flow, as the tabledata communication between the CPU 52 and the SOC 10 occurs exclusivelyon the S channel 83. While the SOC 10 can provide the CPU 52 with directpacket information via the C channel 81, such a system setup isundesirable for the reasons set forth above. As stated above, as aningress function an address resolution lookup is performed by examiningthe ARL table 21 a. If the packet is addressed to one of the layer three(L3) switches of the SOC 10, then the ingress sub-module 14 a performsthe L3 and default table lookup. Once the destination port has beendetermined, the EPIC 20 a sets a ready flag in the dispatch unit 18 awhich then arbitrates for C channel 81.

If all the I/O modules, including the MMU 70, request C channel 81access, MMU 70 is granted access as shown in FIG. 4B since the MMUprovides a critical data path for all modules on the switch. Upongaining access to the channel 81, the dispatch unit 18 a (FIG. 9)proceeds in passing the received packet 112, one cell at a time, to Cchannel 81.

Referring again to FIG. 3, the individual C, P, and S channels of theCPS channel 80 are shown. Once the dispatch unit 18 a has been givenpermission to access the CPS channel 80, during the first time periodCn0, the dispatch unit 18 a places the first 16 bytes of the first cell112 a of the received packet 112 on the C channel 81. Concurrently, thedispatch unit 18 a places the first P channel message corresponding tothe currently transmitted cell. As stated above, the first P channelmessage defines, among other things, the message type. Therefore, thisexample is such that the first P channel message would define thecurrent cell as being a unicast type message to be directed to thedestination egress port 21 c.

During the second clock cycle Cn1, the second 16 bytes (16:31) of thecurrently transmitted data cell 112 a are placed on the C channel 81.Likewise, during the second clock cycle Cn1, the Bc/Mc Port Bitmap isplaced on the P channel 82.

As indicated by the illustration of the S channel 83 data during thetime periods Cn0 to Cn3 in FIG. 3, the operation of the S channel 83 isdecoupled from the operation of the C channel 81 and the P channel 82.For example, the CPU 52, via the CMIC 40, can pass system level messagesto non-active modules while an active module passes cells on the Cchannel 81. As previously stated, this is an important aspect of the SOC10 since the S channel operation allows parallel task processing,permitting the transmission of cell data on the C channel 81 inreal-time. Once the first cell 112 a of the incoming packet 112 isplaced on the CPS channel 80 the MMU 70 determines whether the cell isto be transmitted to an egress port 21 local to the SOC 10.

If the MMU 70 determines that the current cell 112 a on the C channel 81is destined for an egress port of the SOC 10, the MMU 70 takes controlof the cell data flow.

FIG. 10 illustrates, in more detail, the functional egress aspects ofMMU 70. MMU 70 includes CBM 71, and interfaces between the GBP 60, CBP50 and a plurality of egress managers (EgM) 76 of egress submodule 18,with one egress manager 76 being provided for each egress port. CBM 71is connected to each egress manager 76, in a parallel configuration, viaR channel data bus 77. R channel data bus 77 is a 32-bit wide bus usedby CBM 71 and egress managers 76 in the transmission of memory pointersand system messages. Each egress manager 76 is also connected to CPSchannel 80, for the transfer of data cells 112 a and 112 b.

CBM 71, in summary, performs the functions of on-chip FAP (free addresspool) management, transfer of cells to CBP 50, packet assembly andnotification to the respective egress managers, rerouting of packets toGBP 60 via a global buffer manager, as well as handling packet flow fromthe GBP 60 to CBP 50. Memory clean up, memory budget management, channelinterface, and cell pointer assignment are also functions of CBM 71.With respect to the free address pool, CBM 71 manages the free addresspool and assigns free cell pointers to incoming cells. The free addresspool is also written back by CBM 71, such that the released cellpointers from various egress managers 76 are appropriately cleared.Assuming that there is enough space available in CBP 50, and enough freeaddress pointers available, CBM 71 maintains at least two cell pointersper egress manager 76 which is being managed. The first cell of a packetarrives at an egress manager 76, and CBM 71 writes this cell to the CBMmemory allocation at the address pointed to by the first pointer. In thenext cell header field, the second pointer is written. The format of thecell as stored in CBP 50 is shown in FIG. 11; each line is 18 byteswide. Line 0 contains appropriate information with respect to first celland last cell information, broadcast/multicast, number of egress portsfor broadcast or multicast, cell length regarding the number of validbytes in the cell, the next cell pointer, total cell count in thepacket, and time stamp. The remaining lines contain cell data as 64 bytecells. The free address pool within MMU 70 stores all free pointers forCBP 50. Each pointer in the free address pool points to a 64-byte cellin CBP 50; the actual cell stored in the CBP is a total of 72 bytes,with 64 bytes being byte data, and 8 bytes of control information.Functions such as HOL blocking high and low watermarks, out queue budgetregisters, CPID assignment, and other functions are handled in CBM 71,as explained herein.

When MMU 70 determines that cell 112 a is destined for an appropriateegress port on SOC 10, MMU 70 controls the cell flow from CPS channel 80to CBP 50. As the data packet 112 is received at MMU 70 from CPS 80, CBM71 determines whether or not sufficient memory is available in CBP 50for the data packet 112. A free address pool (not shown) can providestorage for at least two cell pointers per egress manager 76, per classof service. If sufficient memory is available in CBP 50 for storage andidentification of the incoming data packet, CBM 71 places the data cellinformation on CPS channel 80. The data cell information is provided byCBM 71 to CBP 50 at the assigned address. As new cells are received byMMU 70, CBM 71 assigns cell pointers. The initial pointer for the firstcell 112 a points to the egress manager 76 which corresponds to theegress port to which the data packet 112 will be sent after it is placedin memory. In the example of FIG. 8, packets come in to port 24 a ofEPIC 20 a, and are destined for port 24 c of EPIC 20 c. For eachadditional cell 112 b, CBM 71 assigns a corresponding pointer. Thiscorresponding cell pointer is stored as a two byte or 16 bit valueNC_header, in an appropriate place on a control message, with theinitial pointer to the corresponding egress manager 76, and successivecell pointers as part of each cell header, a linked list of memorypointers is formed which defines packet 112 when the packet istransmitted via the appropriate egress port, in this case 24 c. Once thepacket is fully written into CBP 50, a corresponding CBP PacketIdentifier (CPID) is provided to the appropriate egress manager 76; thisCPID points to the memory location of initial cell 112 a. The CPID forthe data packet is then used when the data packet 112 is sent to thedestination egress port 24 c. In actuality, the CBM 71 maintains twobuffers containing a CBP cell pointer, with admission to the CBP beingbased upon a number of factors. An example of admission logic for CBP 50will be discussed below with reference to FIG. 12.

Since CBM 71 controls data flow within SOC 10, the data flow associatedwith any ingress port can likewise be controlled. When packet 112 hasbeen received and stored in CBP 50, a CPID is provided to the associatedegress manager 76. The total number of data cells associated with thedata packet is stored in a budget register (not shown). As more datapackets 112 are received and designated to be sent to the same egressmanager 76, the value of the budget register corresponding to theassociated egress manager 76 is incremented by the number of data cells112 a, 112 b of the new data cells received. The budget registertherefore dynamically represents the total number of cells designated tobe sent by any specific egress port on an EPIC 20. CBM 71 controls theinflow of additional data packets by comparing the budget register to ahigh watermark register value or a low watermark register value, for thesame egress.

When the value of the budget register exceeds the high watermark value,the associated ingress port is disabled. Similarly, when data cells ofan egress manager 76 are sent via the egress port, and the correspondingbudget register decreases to a value below the low watermark value, theingress port is once again enabled. When egress manager 76 initiates thetransmission of packet 112, egress manager 76 notifies CBM 71, whichthen decrements the budget register value by the number of data cellswhich are transmitted. The specific high watermark values and lowwatermark values can be programmed by the user via CPU 52. This givesthe user control over the data flow of any port on any EPIC 20 or GPIC30, and of IPIC 90.

Egress manager 76 is also capable of controlling data flow. Each egressmanager 76 is provided with the capability to keep track of packetidentification information in a packet pointer budget register; as a newpointer is received by egress manager 76, the associated packet pointerbudget register is incremented. As egress manager 76 sends out a datapacket 112, the packet pointer budget register is decremented. When astorage limit assigned to the register is reached, corresponding to afull packet identification pool, a notification message is sent to allingress ports of the SOC 10, indicating that the destination egress portcontrolled by that egress manager 76 is unavailable. When the packetpointer budget register is decremented below the packet pool highwatermark value, a notification message is sent that the destinationegress port is now available. The notification messages are sent by CBM71 on the S channel 83.

As noted previously, flow control may be provided by CBM 71, and also byingress submodule 14 of either an EPIC 20, GPIC 30, or by IPIC 90.Ingress submodule 14 monitors cell transmission into port 24. When adata packet 112 is received at a port 24, the ingress submodule 14increments a received budget register by the cell count of the incomingdata packet. When a data packet 112 is sent, the corresponding ingress14 decrements the received budget register by the cell count of theoutgoing data packet 112. The budget register 72 is decremented byingress 14 in response to a decrement cell count message initiated byCBM 71, when a data packet 112 is successfully transmitted from CBP 50.

Efficient handling of the CBP 50 and GBP 60 is necessary in order tomaximize throughput, to prevent port starvation, and to prevent portunderrun. For every ingress, there is a low watermark and a highwatermark; if cell count is below the low watermark, the packet isadmitted to the CBP, thereby preventing port starvation by giving theport an appropriate share of CBP space.

FIG. 12 generally illustrates the handling of a data packet 112 when itis received at an appropriate ingress port. This figure illustratesdynamic memory allocation on a single port, and is applicable for eachingress port of SOC 10. In step 12-1, the incoming packet length isestimated by estimating the cell count based upon the egress managercount plus the incoming cell count. After this cell count is estimated,the GBP 60 current cell count is checked at step 12-2 to determinewhether or not GBP 60 is empty. If the GBP cell count is 0, thusindicating that GBP 60 is empty, then the method proceeds to step 12-3,where it is determined whether or not the estimated cell count from step12-1 is less than the admission low watermark of CBP 50. The admissionlow watermark value enables the reception of new packets 112 into CBP 50if the total number of cells in the associated egress is below theadmission low watermark value. If the cell count is less than theadmission low watermark of CBP 50, then the packet is admitted into CBP50 at step 12-5. If the estimated cell count is not below the admissionlow watermark, then CBM 71 then must arbitrate for CBP memory allocationwith other ingress ports of other EPICs and GPICs in step 12-4. If thearbitration process is unsuccessful, then the incoming packet is sent toa reroute process, referred to as A in FIG. 12, which reroutes thepacket to GBP 60. Alternatively, if the arbitration is successful, thenthe packet is admitted to CBP 50 at step 12-5. Admission of packet 112to CBP 50 is preferred, in order to facilitate linespeed communication.

The above discussion is directed to the situation wherein the GBP cellcount is determined to be 0, representing an empty external memory. Ifin step 12-2 the GBP cell count is determined not to be 0, then themethod proceeds to step 12-6, where the estimated cell count determinedin step 12-1 is compared to the admission high watermark of CBP 50. Ifthe estimated cell count is greater than the admission high watermark ofCBP 50, then the packet is rerouted to GBP 60 at step 12-7. If theestimated cell count is less than the admission high watermark, then theestimated cell count is compared to the admission low watermark of CBP50 at step 12-8. If the estimated cell count is determined to be greaterthan the admission low watermark, which means that the estimated cellcount is between the high watermark and the low watermark, then thepacket is rerouted to GBP 60 at step 12-7. If the estimated cell countis below the admission low watermark, then the GBP current count iscompared with a reroute cell limit value at step 12-9. This reroute celllimit value is user programmable through CPU 52. If the GBP count isbelow or equal to the reroute cell limit value at step 12-9, then theestimated cell count and GBP count are compared with an estimated cellcount low watermark. If the combination of estimated cell count and GBPcount are less than the estimated cell count low watermark, the packetis admitted to the CBP 50 at step 12-5. If the sum is greater than theestimated cell count low watermark, then the packet is rerouted to GBP60 at step 12-7. After rerouting to GBP 60, the GBP cell count isupdated, and the packet processing is finished. It should be noted thatif both the CBP 50 and the GBP 60 are full, then the packet is dropped.Dropped packets are handled in accordance with known Ethernet or networkcommunication procedures, and have the effect of delaying communication.However, this configuration applies appropriate back pressure by settingwatermarks, through CPU 52, to appropriate buffer values on a per portbasis to maximize memory utilization and minimize dropped packets. ThisCBP/GBP admission logic results in a distributed hierarchical sharedmemory configuration, with a hierarchy between CBP 50 and GBP 60, andhierarchies within the CBP 50.

If the packet 112, discussed above with respect to FIG. 12 is destinedfor the IPIC, and therefore intended to be sent out of the highperformance interconnect, then the packet is immediately switched to theIPIC module, and does not need to be admitted to either the CBP 50 orGBP 60. After the destination address is determined to be associatedwith the IPIC, the packet is placed on C channel 81 as illustrated inFIG. 8, and is “picked up” by IPIC 90 where it is placed into NBP 92.After the destination address for destinations located on IPIC 90 havebeen learned, then a packet coming in to port 24, destined for a port onIPIC 90 is sliced into cells, and placed on CPS channel 80, destineddirectly for NBP 92 of IPIC 90. The cells associated with the packet arenot handled by MMU 70, and therefore are not subjected to CBP/GBPadmission logic as discussed above. If the destination address has not,however, been learned, then the packet is sent to all ports throughCBP/GBP admission logic, and also through NBP 92. A more detaileddiscussion of NBP 92 and IPIC 90 will be found later.

Address Resolution (L2)+(L3)

FIG. 14 illustrates some of the concurrent filtering and look-up detailsof a packet coming into the ingress of an EPIC 20. FIG. 12, as discussedpreviously, illustrates the handling of a data packet with respect toadmission into the distributed hierarchical shared memory. FIG. 14addresses the application of filtering, flow monitoring, addressresolution, and rules application segments of SOC 10. These functionsare performed simultaneously with respect to the CBP 50 and GBP 60admission discussed above. As shown in the figure, packet 112 isreceived at an input port 24 of EPIC 20, and is then directed to inputFIFO 142. As soon as the first sixteen bytes of the data packet arrivein the input FIFO 142, an address resolution request is sent to ARLengine 143, which initiates an address lookup in the ARL/L3 tables 21.

A description of the fields within ARL/L3 tables 21 is as follows:

-   -   Mac Address—48 bits long—Mac Address;    -   VLAN tag—12 bits long—VLAN Tag Identifier as described in IEEE        802.1q standard for tagged packets. For an untagged Packet, this        value is picked up from Port Based VLAN Table.    -   CosDst—3 bits long—Class of Service based on the Destination        Address. COS identifies the priority of this packet. 8 levels of        priorities as described in IEEE 802.1p standard.    -   Port Number—6 bits long—Port Number is the port on which this        Mac address is learned.    -   SD_Disc Bits—2 bits long—These bits identifies whether the        packet should be discarded based on Source Address or        Destination Address. Value 1 means discard on source. Value 2        means discard on destination.    -   C bit—1 bit long—C Bit identifies that the packet should be        given to CPU Port.    -   St Bit—1 bit long—St Bit identifies that this is a static entry        (it is not learned Dynamically) and that means is should not be        aged out. Only CPU 52 can delete this entry.    -   Ht Bit—1 bit long—Hit Bit—This bit is set if there is match with        the Source Address. It is used in the aging Mechanism.    -   CosSrc—3 bits long—Class of Service based on the Source Address.        COS identifies the priority of this packet.    -   L3 Bit—1 bit long—L3 Bit—identifies that this entry is created        as result of L3 Interface Configuration. The Mac address in this        entry is L3 interface Mac Address and that any Packet addresses        to this Mac Address need to be routed.    -   T Bit—1 bit long—T Bit identifies that this Mac address is        learned from one of the Trunk Ports. If there is a match on        Destination address then output port is not decided on the Port        Number in this entry, but is decided by the Trunk Identification        Process based on the rules identified by the RTAG bits and the        Trunk group Identified by the TGID.    -   TGID—3 bits long—TGID identifies the Trunk Group if the T Bit is        set. SOC 10 supports 6 Trunk Groups per switch.    -   RTAG—3 bits long—RTAG identifies the Trunk selection criterion        if the destination address matches this entry and the T bit is        set in that entry. Value 1—based on Source Mac Address. Value        2—based on Destination Mac Address. Value 3—based on Source &        destination Address. Value 4—based on Source IP Address. Value        5—based on Destination IP Address. Value 6—based on Source and        Destination IP Address.    -   S C P—1 bit long—Source CoS Priority Bit—If this bit is set (in        the matched Source Mac Entry) then Source CoS has priority over        Destination Cos.    -   Module ID—5 bits long—Module ID identifies the module on which        this MAC address is learned.

SOC 10 also includes a multicast table, for appropriate handling ofmulticast packets. One configuration of the multicast table would be 256bits deep and 128 bits wide. The search fields of the multicast tablecould be, in one embodiment, as follows:

-   -   Mac Address—48 bits long—Mac Address.    -   VLAN Tag—12 bits long—VLAN Tag Identifier as described in IEEE        802.1q standard.    -   CosDst—3 bits long—Class of Service based on the Destination        Address. COS identifies the priority of this packet. We support        8 levels of priorities as described in IEEE 802.1p standard.    -   Mc Port Bitmap—31 bits long—Port Bitmap Identifies all the        egress ports on which the packet should go.    -   Untagged Bitmap—31 bits long—This bitmap identifies the Untagged        Members of the VLAN. i.e. if the frame destined out of these        member ports should be transmitted without Tag Header.    -   Module Id Bitmap—32 bits long—Module Id Bitmap identifies all        the Modules that the packets should go to.

It should also be noted that VLAN tables 23 include a number of tableformats; all of the tables and table formats will not be discussed here.However, as an example, the port based VLAN table fields are describedas follows:

-   -   Port VLAN Id—12 bits long—Port VLAN Identifier is the VLAN Id        used by Port Based VLAN.    -   Sp State—2 bits long—This field identifies the current Spanning        Tree State. Value 0x00—Port is in Disable State. No packets are        accepted in this state, not even BPDUs. Value 0x01—Port is in        Blocking or Listening State. In this state no packets are        accepted by the port, except BPDUs. Value 0x02—Port is in        Learning State. In this state the packets are not forwarded to        another Port but are accepted for learning. Value 0x03—Port is        in Forwarding State. In this state the packets are accepted both        for learning and forwarding.    -   Port Discard Bits—6 bits long—There are 6 bits in this field and        each bit identifies the criterion to discard the packets coming        in this port. Note: Bits 0 to 3 are not used. Bit 4—If this bit        is set then all the frames coming on this port will be        discarded. Bit 5—If this bit is set then any 802.1q Priority        Tagged (vid=0) and Untagged frame coming on this port will be        discarded.    -   J Bit—1 bit long—J Bit means Jumbo bit. If this bit is set then        this port should accept Jumbo Frames.    -   RTAG—3 bits long—RTAG identifies the Trunk selection criterion        if the destination address matches this entry and the T bit is        set in that entry. Value 1—based on Source Mac Address. Value        2—based on Destination Mac Address. Value 3—based on Source &        destination Address. Value 4—based on Source IP Address. Value        5—based on Destination IP Address. Value 6—based on Source and        Destination IP Address.    -   T Bit—1 bit long—This bit identifies that the Port is a member        of the Trunk Group.    -   C Learn Bit—1 bit long—Cpu Learn Bit—If this bit is set then the        packet is send to the CPU whenever the source Address is        learned.    -   PT—2 bits long—Port Type identifies the port Type. Value 0-10        Mbit Port. Value 1—100 Mbit Port. Value 2—1 Gbit Port. Value        3—CPU Port.    -   VLAN Port Bitmap—28 bits long—VLAN Port Bitmap Identifies all        the egress ports on which the packet should go out.    -   B Bit—1 bit long—B bit is BPDU bit. If this bit is set then the        Port rejects BPDUs. This Bit is set for Trunk Ports which are        not supposed to accept BPDUs.    -   TGID—3 bits long—TGID—this field identifies the Trunk Group        which this port belongs to.    -   Untagged Bitmap—28 bits long—This bitmap identifies the Untagged        Members of the VLAN. i.e. if the frame destined out of these        members ports should be transmitted without Tag Header.    -   M Bits—1 bit long—M Bit is used for Mirroring Functionality. If        this bit is set then mirroring on Ingress is enabled.

SOC 10 may also include a plurality of 802.1Q tagged VLAN tables, whichcan be used to get all of the member ports of explicitly tagged VLANs.The table can be, for example, 64 entries deep and 68 bits wide. Thefields could be as follows:

-   -   VLAN Tag—12 bits long—VLAN Tag Identifier as described in IEEE        802.1q standard.    -   VLAN Port Bitmap—28 bits long—VLAN port bitmap identifies all of        the egress ports on which the packet should be sent.    -   Untagged Bitmap—28 bits long—This bitmap identifies the untagged        members of the VLAN. Therefore, this bitmap identifies if the        frame from these member ports should be transmitted with or        without a tag header.

Referring to the discussion of address resolution, and also referring toFIG. 14, the ARL engine 143 reads the packet; if the packet has a VLANtag according to IEEE Standard 802.1q, then ARL engine 143 performs alook-up based upon tagged VLAN table 231, which is part of VLAN table23. If the packet does not contain this tag, then the ARL engineperforms VLAN lookup based upon the port based VLAN table 232. Once theVLAN is identified for the incoming packet, ARL engine 143 performs anARL table search based upon the source MAC address and the destinationMAC address. If the results of the destination search is an L3 interfaceMAC address, then an L3 search is performed of an L3 table within ARL/L3table 21. If the L3 search is successful, then the packet is modifiedaccording to packet routing rules.

To better understand lookups, learning, and switching, it may beadvisable to once again discuss the handling of packet 112 with respectto FIG. 8. If data packet 112 is sent from a source station A into port24 a of EPIC 20 a, and destined for a destination station B on port 24 cof EPIC 20 c, ingress submodule 14 a slices data packet 112 into cells112 a and 112 b. The ingress submodule then reads the packet todetermine the source MAC address and the destination MAC address. Asdiscussed previously, ingress submodule 14 a, in particular ARL engine143, performs the lookup of appropriate tables within ARL/L3 tables 21a, and VLAN table 23 a, to see if the destination MAC address exists inARL/L3 tables 21 a; if the address is not found, but if the VLAN IDs arethe same for the source and destination, then ingress submodule 14 awill set the packet to be sent to all ports on the VLAN. The packet willthen propagate to the appropriate destination address. A “source search”and a “destination search” occurs in parallel. When the source addressis not found on a source lookup, a source lookup failure (SLF) occurs.Upon the occurrence of an SLF, the source MAC address of the incomingpacket is “learned”, and therefore added to an ARL table within ARL/L3tables 21 a. After the packet is received by the destination, anacknowledgment is sent by destination station B to source station A.Since the source MAC address of the incoming packet is learned by theappropriate table of B, the acknowledgment is appropriately sent to theport on which A is located. The destination address for theacknowledgment packet or packets is known since it was previously thesource address which was learned as a result of the initial SLF. Whenthe acknowledgment is received at port 24 a, therefore, the ARL tablelearns the source MAC address of B from the acknowledgment packet. Itshould be noted that as long as the VLAN IDs (for tagged packets) ofsource MAC addresses and destination MAC addresses are the same, layertwo switching as discussed above is performed. L2 switching and lookupis therefore based on the first 16 bytes of an incoming packet. Foruntagged packets, the port number field in the packet is indexed to theport-based VLAN table within VLAN table 23 a, and the VLAN ID can thenbe determined. If the VLAN IDs are different, however, L3 switching isnecessary wherein the packets are sent to a different VLAN. L3switching, however, is based on the IP header field of the packet. TheIP header includes source IP address, destination IP address, and TTL(time-to-live).

If data packet 112 were sent from a source station A into port 24 a ofEPIC 20 a, and was destined for IPIC 90, the same learning process uponoccurrence of an SLF, and the same sending of the packet to all portsupon the occurrence of a DLF, would occur. IPIC 90 is treatedessentially as any other port on SOC 10, with notable exceptionsregarding the existence of NBP 92, as discussed above and as will bediscussed below.

In order to more clearly understand layer three switching on SOC 10,data packet 112 is sent from source station A onto port 24 a of EPIC 20a, and is directed to destination station B; assume, however, thatstation B is disposed on a different VLAN, as evidenced by the sourceMAC address and the destination MAC address having differing VLAN IDs.The lookup for B would be unsuccessful since B is located on a differentVLAN, and merely sending the packet to all ports on the same VLAN wouldresult in B never receiving the packet. Layer three switching,therefore, enables the bridging of VLAN boundaries, but requires readingof more packet information than just the MAC addresses of L2 switching.In addition to reading the source and destination MAC addresses,therefore, ingress 14 a also reads the IP address of the source anddestination. As noted previously, packet types are defined by IEEE andother standards, and are known in the art. By reading the IP address ofthe destination, SOC 10 is able to target the packet to an appropriaterouter interface which is consistent with the destination IP address.Packet 112 is therefore sent on to CPS channel 80 through dispatch unit18 a, destined for a port connected to an appropriate router interface(not shown, and not part of SOC 10), upon which destination B islocated. Control frames, identified as such by their destinationaddress, are sent to CPU 52 via CMIC 40. The destination MAC address,therefore, is the router MAC address for B. The router MAC address islearned through the assistance of CPU 52, which uses an ARP (addressresolution protocol) request to request the destination MAC address forthe router for B, based upon the IP address of B. Through the use of theIP address, therefore, SOC 10 can learn the MAC address. Through theacknowledgment and learning process, however, it is only the firstpacket that is subject to this “slow” handling because of theinvolvement of CPU 52. After the appropriate MAC addresses are learned,linespeed switching can occur through the use of concurrent tablelookups since the necessary information will be learned by the tables.Implementing the tables in silicon as two-dimensional arrays enablessuch rapid concurrent lookups. Once the MAC address for B has beenlearned, therefore, when packets come in with the IP address for B,ingress 14 a changes the IP address to the destination MAC address, inorder to enable linespeed switching. Also, the source address of theincoming packet is changed to the router MAC address for A rather thanthe IP address for A, so that the acknowledgment from B to A can behandled in a fast manner without needing to utilize a CPU on thedestination end in order to identify the source MAC address to be thedestination for the acknowledgment. Additionally, a TTL (time-to-live)field in the packet is appropriately manipulated in accordance with theIETF (Internet Engineering Task Force) standard. A unique aspect of SOC10 is that all of the switching, packet processing, and table lookupsare performed in hardware, rather than requiring CPU 52 or another CPUto spend time processing instructions. It should be noted that the layerthree tables for EPIC 20 can have varying sizes; in a preferredembodiment, these tables are capable of holding up to 2000 addresses,and are subject to purging and deletion of aged addresses, as explainedherein.

As mentioned previously, when a data packet 112 enters SOC 10 through aport 24 and is sent to ingress submodule 14, an address lookup isperformed on ARL/L3 table 21 to determine if that address has alreadybeen learned. The lookup is logically performed on an appropriate table21 by a search engine 210, as shown in FIG. 38. Lookups are typicallyenabled by the fact that the tables are stored in sorted order, andaddresses are searched utilizing a binary or lockstep-type searchmethod.

The present invention includes a method and structure for acceleratingsearches within an address table 21, such as a layer 2 table. Referringto FIG. 39, a more detailed view of an accelerated lookup configurationis disclosed with respect to address table 21 and search engine 210. Inone example, address table 21 might be a single 8K sorted table that issearched by a single search engine 210. In the accelerated example shownin FIG. 38, this single address table 21 is split into two half-sizedtables 211 and 212, with each half-sized table having 4K entries. Thetable can be split by having address table 211 contain all of the evenaddressed entries from original address table 21, and table 212containing all of the odd addressed entries from original address table21. By splitting the original address table 21 into two separate tablesbased upon the last bit of the table address, each of tables 211 and 212remain in sorted order, and contain entries from the entire addressrange of the original table 21. Search engine 210 can then be dividedinto two separate search engines, first search engine 213 and secondsearch engine 214, as shown in FIG. 38, which are configured to performsimultaneous address lookups for two data packets. In SOC 10, since eachEPIC module 20 and/or GPIC module 30 has a plurality of ports, packetsare queued for lookup. Concurrent and/or simultaneous lookups arepossible, as the search algorithm which is implemented in SOC 10 doesnot differentiate between even and odd addressed entries until the verylast search cycle. This optimization, therefore, enables a significantamount of the searching for two separate packet addresses to beperformed simultaneously, in parallel, thereby nearly doublingthroughput, even though the actual time required to complete eachindividual lookup does not change.

Therefore, when two packets come into an EPIC module 20 for addresslookup, source and destination address lookups are interleaved, therebytime multiplexing the resources of SOC 10 for maximum efficiency. Theutilization of two search engines 213 and 214 enables the search enginesto operate in a simultaneous manner as they search tables 211 and 212,utilizing different search keys. Only the last comparison in the binarysearch will differentiate between even and odd addresses. Therefore, foran 8K deep address table 21 that is divided into two 4K deep tables, 211and 212, the first twelve search cycles for the incoming packetaddresses are done in parallel, while the 13th and final search cycle,which is conducted only if the respective search engine has not yetfound a match for a desired address in the address table, requires anaccess to the other address table to locate the desired address.Referring to FIG. 40 a, an original un-divided table is shown as 21.FIG. 40 b illustrates how, in this embodiment of the invention, table 21is divided into two tables 211 and 212, wherein table 211 contains evenaddress locations and table 212 contains odd address locations, bothremaining in sorted order.

As a first example of the operation of this embodiment, assume a firstdata packet and a second data packet come into a single GPIC 20 on SOC10, and are submitted for address lookups. Assume that the first packetcomes from MAC address D, and is destined for a MAC address AE. Thesecond packet is coming from MAC address Z and is destined for MACaddress AH. In a switch requiring a four clock cycle overhead, theaddress lookups begin essentially simultaneously at clock cycle 4, withthe first packet being handled by first search engine 213, and thesecond packet being handled by second search engine 214. First searchengine 213 initially searches the even address memory locations in table211, while second search engine 214 searches the odd address memorylocations in table 212, as illustrated by FIG. 40 b. The tables beingappropriately sorted, the search engines are configured to initiatebinary searches which proceed in a lockstep or parallel manner beginningat the middle entry of the respective tables. Therefore, first searchengine 213 initiates searching of table 211 at memory address location16, and compares the source address D of the first data packet as thesource search key with entry Q, which is stored at memory addresslocation 16, as shown in FIG. 40 b. The result of this comparison is thedetermination that the first search engine 213 should continue searchingfor the desired address at lower memory address locations, as addressentry Q is numerically greater than the desired address D, indicatingthat the desired address, if in the table, must be stored at a lowermemory address location. As discussed previously, both a source addressand a destination address lookup for each data packet must be performed.Therefore, at clock cycle 5, first search engine 213 compares thedestination address AE of the first data packet as the search key withthe entry Q stored in middle memory address location 16, and determinesthat the search should continue at higher memory address locations, asentry Q is numerically, in hexadecimal, lower than the desired addressAE. This indicates that the desired destination address, if in thetable, must be stored at a higher memory address location. At clockcycle 6, first search engine 213 looks in memory address location 8,comparing the search key D with entry I, and determines that the searchshould continue at lower memory address locations, in similar fashion tothat which is discussed above. At clock cycle 7, first search engine 213looks in memory address location 24, comparing destination search key AEwith entry Y, and determines that the search should continue at highermemory address locations. At clock cycle 8, first search engine 213looks in memory address location 4, comparing source search key D withthe entry E stored at that location. As a result of the comparison, itis determined that the search should continue at lower memory addresslocations. At clock cycle 9, first search engine 213 looks in memoryaddress location 28, comparing the destination search key AE withaddress entry AC, and determines that the search should continue athigher memory address locations. At clock cycle 10, first search engine213 looks in memory address location 2 and compares source search key Dwith entry C, and determines that the search should continue in the oddaddress table 212 at memory address location 3. This determination is aresult of the first search engine 213 determining that the desiredaddress D has not been found in either memory address locations 2 or 4,which are sequential entries that numerically surround the desiredaddress. Therefore, in view of this situation, it is known that thedesired address does not reside in the first table 211, and thus, thefirst search engine 213 must attempt to look in the second address table212 at memory address location 3, as this memory address location isinterstitially positioned between the previously searched memory addresslocations 2 and 4. At clock cycle 11, first search engine 213 looks inmemory address location 30, the final memory address location in theeven address table 211, comparing destination search key AE with entryAE, and determines that the result is a hit at clock 12. Inasmuch as ahit was determined, first search engine 213 does not continue to searchfor AE in the odd address table 212, as the destination address lookupfor the first packet is complete. However, the source address is stillnot found, and therefore, at clock cycle 12, first search engine 213looks in the odd address table 212 at memory address location 3,comparing source search key D with entry D, and determines that theresult is a hit at clock cycle 13. Thus, the address lookup for thefirst packet is complete, as both the source and destination addresseshave been found within the respective address lookup tables.

While search engine 213 is conducting the aforementioned lookupsassociated with the source and destination addresses of the first datapacket, second search engine 214 is simultaneously performing thelookups for the source and destination addresses of the second datapacket. At clock cycle 4, simultaneously with first search engine 213'scomparison of even memory address location 16, second search engine 214looks in odd memory address location 17, which represents the middle ofthe odd address table 212. Second search engine 214 compares sourcesearch key Z with the address entry R, and determines that the searchshould continue at higher memory address locations, as R is numericallyless than the desired address. At clock cycle 5, second search engine214 looks in memory address 17, comparing destination address search keyAH with entry R, and determines that the search should continue athigher memory address locations, as the desired address is numericallyless than the entry stored at memory address location 17. At clock cycle6, second search engine 214 looks in memory address location 25,comparing the source search key Z with entry Z, and determines that theresult is a hit at clock 7. The source address lookup for the seconddata packet is therefore complete. At clock cycle 7, second searchengine 214 continues looking for the destination address by looking inmemory address location 25, and comparing the destination search key AHwith entry Z. This comparison determines that the search should continueat higher memory address locations. At clock cycle 9, second searchengine 214 evaluates the contents of memory address location 29,comparing destination search key AH with entry AD, and determines thatthe search should continue at higher memory address locations. At clockcycle 11, second search engine 214 looks in memory address location 31,compares the destination search key AH with entry AF, and determinesthat the result is a miss at clock 12. The destination address lookupfor the second packet is therefore complete. The destination addresslookup for the second packet does not require a final read from the evenaddressed table 213; search engine 214 determines a miss when theresults of the final search does not provide a pointer to table 211 fromtable 212.

As a second example, assume that a first data packet comes into a porton EPIC 20 on SOC 10 from MAC address A that is destined for a MACaddress JJ, while a second data packet concurrently comes into anotherport on EPIC 20 of SOC 10 from MAC address G and is destined for MACaddress CC. In a switch again requiring a four clock cycle overhead, theaddress lookups begin at clock cycle 4, with the first packet beinghandled by first search engine 213, and the second packet being handledby second search engine 214. First search engine 213 initially searchesthe even address location table 211, and second search engine 214searches the odd address location table 212. With the tables 211 and 212being appropriately divided and sorted from the primary address table,as shown in FIGS. 41 a and 41 b, the search engines are again configuredto initiate a binary or lockstep-type search operation at the middleaddress location of the respective tables. Therefore, at clock cycle 4,first search engine 213 compares the source address search key A withentry Y stored at memory address location 16, and determines that thesearch should continue at lower memory address locations, as thehexadecimal numerical value of the desired address is greater than theentry. At clock cycle 5 first search engine 213 compares destinationaddress search key JJ with entry Y, and determines that the searchshould continue at higher memory address locations, as the hexadecimalnumerical value of the desired address is less than the entry. At clockcycle 6, first search engine 213 compares the source address search keyto entry M stored at memory address location 8, and determines that thesearch should continue at lower memory address locations. At clock cycle9, first search engine 213 compares the destination address search keyto entry KK stored at memory address location 28, and determines thatthe search should continue at lower memory address locations. At clockcycle 10, first search engine 213 compares the source address search keyto entry D stored at memory address location 2, and determines that thesearch should continue at lower memory address locations. At clock cycle11, first search engine 213 compares the destination address search keyto entry GH stored at memory address location 26, and determines thatthe search should continue in the odd address table 212 at memoryaddress location 27. This determination is based upon the fact thatsearch engine 213 has compared the entries in adjoining memory addresslocations 26 and 28 to the destination search key, and has determinedthat the desired address, if in the table, would be stored in a memoryaddress location between these two memory address locations. As such,the only remaining memory address location available to search in thelockstep-type operation is memory address location 27 in the odd addresstable 212. At clock cycle 12, first search engine 213 compares thesource address search key to entry B stored at memory location 0, anddetermines that the search has revealed a miss. Inasmuch as entry B isthe lowest numerical address in the tables, a miss is determined, andthereafter the source MAC address A must be learned and inputted intothe table at the appropriate location to maintain the sorted order ofthe table, which will be discussed herein. At clock cycle 13, firstsearch engine 213 compares the destination address search key JJ toentry JJ stored at memory address location 27 of the odd address table212, and determines that a hit has occurred.

Therefore, upon completion of the aforementioned steps, the sourceaddress of the first data packet has not been located, and thus must belearned and stored in the address tables. However, the destinationaddress of the first data packet was found at memory location 27 in theodd address table 212, and therefore, a hit was declared for thisaddress. As such, the search operation for the source and destinationaddresses for the first data packet has been completed. However, as withthe previous example, the source and destination addresses of the seconddata packet must also be searched within the address tables.

Therefore, simultaneously with the aforementioned steps associated withthe first search engine 213 searching the even address table 211, thesecond search engine 214 undertakes a search of the odd address table212 for the source and destination addresses of the second data packet.Second search engine 214 begins at clock cycle 4 by comparing the sourceaddress search key G with the address entry AA stored at memory addresslocation 17 in odd address table 212. This comparison yields thedetermination that the search should continue at lower memory addresslocations, as entry G is numerically less than address entry AA. Atclock cycle 5 second search engine 214 compares the destination addresssearch key CC with the entry AA stored at memory address location 17.This comparison yields the determination that the search should continueat higher memory address locations. At clock cycle 6 second searchengine 214 compares the source address search key G to the entry Nstored at memory address location 9. Second search engine 214 determinesthat entry N is numerically greater than the desired address, andtherefore the search is to be continued at lower memory addresslocations. At clock cycle 7 second search engine 214 compares thedestination address search key CC to entry CF stored in memory addresslocation 25 and determines that the search should continue at lowermemory address locations. At clock cycle 8 second search engine 214compares the origin address search key G to entry J stored in memoryaddress location 5, and determines that the search should continue atlower memory address locations. At clock cycle 9 search engine 214compares the destination search address search key to the entry BCstored at memory address location 21 and determines that the searchshould continue at higher memory address locations. At clock cycle 10search engine 214 compares the source address search key G to the entryE stored at memory address location 3 and determines that the desiredaddress is numerically greater than entry E. Thus, inasmuch as thedesired address has been previously determined to be greater than theentry at odd memory address location 3 during clock cycle 10 and lessthan the entry at odd memory address location 5 in clock cycle 8, secondsearch engine 214 determines that the next comparison will be in theeven address table 211 at memory address location 4. At clock cycle 11second search engine 214 compares the destination address search key CCto the entry BE and determines that the search should continue at highermemory address locations. However, second search engine 214 has alreadysearched the adjoining higher memory address location, which was memoryaddress location 25, in clock cycle 7. Therefore, second search engine214 determines that the next comparison for the destination address willbe in the even address table 211 at memory address location 24. At clockcycle 12 second search engine 214 attempts to search the even addresstable 211 for the source address search key G; however, as discussedabove, first search engine 213 is executing a lookup for source addresskey A at memory address location 0 in the even address table 211 duringthis particular clock cycle, and as such, second search engine 214stalls during this clock cycle and is unable to execute the comparison.At clock cycle 13 first search engine 213 has completed its lookup inthe even address table 211, and second search engine 214 is then allowedto continue with the previously stalled address lookup in the evenaddress table 211. Therefore, at clock cycle 13 second search engine 214compares entry G stored in even address table memory location 4 with thesource address search key G. At clock cycle 14 a hit is determined forthe source address, and second search engine 214 continues to search forthe destination address of the second data packet by comparing thedestination address search key CC with the entry CC stored in the evenaddress table 211 memory address location 24. At clock cycle 15 a hit isdetermined for the destination address.

Upon completion of clock cycle 15, both the source and destinationaddress lookup for the first and second data packets is complete. Thesource address of the first data packet was not found within the tables,and therefore had to be learned and appropriately inserted into thetables. The remaining addresses, including the destination address ofthe first data packet and the source and destination addresses of thesecond data packet, were found within the address tables.

In instances where an address must be learned, as noted above, aspecific operational procedure is followed. As an example, the primaryaddress table, as shown in FIG. 42, is again split into the first andsecond address tables 211 and 212, as shown in FIG. 42 a. Assume thataddress F needs to be learned as a result of a search operation notfinding that address within the tables. Inasmuch as the address entriesstored within the tables are in sorted order, address F would logicallybelong in memory address location 4, if the sorted order is to bemaintained upon insertion. However, memory address location 4 iscurrently occupied with entry G. Therefore, in order to make room foraddress F to be learned and properly stored at memory address location4, each of the entries in memory address locations 4 through 26 need tobe moved or shifted upward to the adjacent memory address locations,thereby opening memory address location 4. To accomplish the shift ofthese addresses entries, a learning state machine reads address entry GHfrom memory address location 26 and address entry CF from memory addresslocation 25 on a single clock cycle. Address entry GH is then written tomemory address location 27, while address entry CF is written to memoryaddress location 26, again on the same clock cycle. This simultaneousread/write pair-type operation continues downward through the memoryaddress locations within the tables until entries K and J are read frommemory address locations 6 and 5, and are respectively written intomemory address locations 7 and 6. At this time entry G is read frommemory address location 4 and written into memory address location 5vacated by address J in the previous shift. This results in the desiredvacancy in memory address location 4, thus providing space for thelearned memory address F to be written into memory address location 4.As a result of this particular table configuration, the learning ratenearly doubles that of the single table scheme.

In the situation where a single data packet arrives from an ingress andrequires address resolution, and there are no other queued data packetsawaiting address lookup, then the search engine handles the addresslookup for the data packet singly. If immediately after the lookup forthe single data packet is started, a flood of data packets arrives fromthe other ingresses, then in the worst case, the newly arrived datapackets must wait for 30 clock cycles while the source and destinationaddresses of the single data packet are looked up in the tables beforethe search engines can begin lookup for the newly arrived data packets.If any of the newly arrived data packets are from the gigabit ports,then any arbitration scheme must be configured to assign higher priorityto those data packets, as their address lookups must all be completedwithin 90 clock cycles after the single data packet's address lookupsare completed.

The present invention provides a clear advantage over single addresstable lookup schemes, as the great majority of the concurrent searchesare conducted in parallel. Therefore, in the case where both searchesrequire only comparisons, performance doubles, irrespective of addressinsertions and deletions, as these operations are of a lower priorityand have no affect on performance. As a specific example, performancefor the parallel operation is calculated by multiplying the number ofcycles per search by the number of clock cycles per search cycle, andthen adding the clock overhead. This calculation is represented by thefollowing equation: Performance=(#cycles parallel)·(2clocks/searchcycle)+overhead (1) Therefore, the performance for an 8k table using thepresent invention is represented by the following:(13)·(2)+4=30 clock cycles for 2 packets or 15 clock cycles for a singledata packet  (2)Performance for a 16 k table using the present invention is representedby the following:(14)·(2)+4=32 clock cycles for 2 packets or 16 clock cycles for a singlepacket  (3)If only a single data packet requires an address lookup, the followingrepresents the search time to accomplish the lookup with the presentinvention:(13)·(2)+4=30 clock cycles per packet  (4)(14)·(2)+4=32 clock cycles per packet  (5)

Therefore, the present invention provides a substantial increase in theperformance of the address lookup time over a single table ARL, whilenot requiring the use of any additional memory. Furthermore, the lookupand learning latency of the present invention is cut nearly in half oversingle table ARL's, as the majority of the reads and writes associatedtherewith can be accomplished in parallel, thereby reducing the numberof clock cycles necessary to complete the shifting of memory addressesand the insertion of a learned address. Additionally, as the table sizeis increased from 8 k to 16 k, the performance decreases by only twoclock cycles in the worst case.

Furthermore, the embodiments of the present invention discussed abovecan be physically implemented in a number of ways. For example, theaddress tables and search engines of the present invention can beimplemented in hardware, such as on a single semiconductor substrate inconjunction with the various components of SOC 10. Alternatively, theaddress tables and search engines could be implemented as separatediscrete hardware components that are in electrical connection with thecomponents of SOC 10. Further, the tables and search engines associatedwith SOC 10 can be implemented and searched through software, bothexclusively or partially. Additionally, although the present apparatusand method is disclosed in conjunction with address resolution in anetwork switch, the apparatus and method of searching a sorted tablerecited herein is contemplated to apply to various alternativeapplications. Therefore, the recitation of the implementation of theapparatus and method in conjunction with address resolution is notintended in any way to limit the scope of the present invention, as thepresent invention could effectively be utilized in any sorted tablesearches.

Filtering

Referring again to the discussion of FIG. 14, as soon as the first 64(sixty four) bytes of the packet arrive in input FIFO 142, a filteringrequest is sent to FFP 141. FFP 141 includes an extensive filteringmechanism which enables SOC 10 to set packet filters on any field of apacket from layer 2 to layer 7 of the OSI seven layer model. Filters areused for packet classification based upon various protocol fields withinthe packets themselves. Various actions are taken based upon the packetclassification, including packet discard, sending of the packet to theCPU, sending of the packet to other ports, sending the packet on certainCOS priority queues, and changing the type of service (TOS) precedence,for example. Filters are also commonly used for implementing securityfeatures, as they can be configured to allow a packet to proceed only ifthere is a filter match. If there is no match, then the actionsassociated with exclusive filters can be taken. A further discussion offilters, both inclusive and exclusive, will be presented later.

It should be noted that SOC 10 has the capability to handle both taggedand untagged packets coming into the switch. Tagged packets are taggedin accordance with IEEE standards, and include a specific IEEE 802.1ppriority field for the packet. Untagged packets do not have a tag, andtherefore, do not include an 802.1p priority field. SOC 10 can assign anappropriate priority value for the packet based upon either the incomingport or the destination address. As noted in the ARL table formatdiscussed herein, an SCP (Source COS Priority) bit is contained as oneof the fields of the table. When this SCP bit is set, SOC 10 will assigna weighted based upon a source COS value in the ARL table. If the SCP isnot set, then SOC 10 will assign a COS for the packet based upon thedestination COS field in the ARL table. These COS values are three bitfields in the ARL table, as noted previously in the ARL table fielddescriptions.

FFP 141 is essentially a state machine driven programmable rules engine.The filters used by the FFP in a first embodiment are 64 (sixty-four)bytes wide, and are applied on an incoming packet. In some embodiments,a 64 byte filter mask can be used and applied to any selected 64 bytesor 512 bits of a packet. In another embodiment, however, a filter can becreated by parsing selected fields of an incoming packet such that a 64byte filter mask is created, which will be selectively applied to fieldsof interest of an incoming packet. In yet another embodiment, a filtercan be created by applying a predetermined number of offsets to theincoming data packet 112, wherein a predetermined number of bytesimmediately following each individual offset are parsed from the packetand thereafter concatenated together to form a filter value utilized inthe filtration process.

Filters, as previously stated, are mainly used for packet classificationbased upon certain selected protocol fields in the packet. Based uponthe packet classification, a plurality of actions can be taken. Theactions may include discarding of the packets, sending of the packets tothe CPU, sending the packets to a mirrored port, priority mapping, TOStag modification, etc. In one embodiment, FFP 141 includes filteringlogic 1411, illustrated in FIG. 15, which selectively parsespredetermined fields from the incoming data packets, thereby effectivelyobtaining the values of the desired fields from the MAC, IP, TCP, andUDP headers. FIG. 20 is a table illustrating the various importantfields, and their respective offsets for various packet types. Otherfields that may be related to IPX and/or other fields may also beutilized in this filtration scheme through selection of these particularfields to be parsed from the packet upon filtration.

SOC 10 includes a filter database which contains a plurality of filtersets. In one example, two sets of filters may be provided, eachcontaining eight filters and an associated rules table being 512 entriesdeep. FIG. 21A illustrates the format for a filter mask, showing thevarious fields thereof, including the Field Mask field. The specificfields of the filter mask are as follows:

-   -   Field Mask—512 bits long—Field Mask consists of several Protocol        Masks. For the fields, which are of interest the Mask is set to        all 1's and for other fields the mask is set to zero.    -   Egress Port Mask—6 bits long—Egress Port Mask—This Egress Port        Mask is set to all 1's only if the Egress Port is part of the        Filter.    -   Egress ModId Mask—5 bits long—Egress Module Id Mask—This Module        Id Mask is set to all 1's only if the Egress Module Id is part        of the Filter.    -   Ingress Port Mask—6 bits long—The Ingress Port Mask is set to        all 1's only if the Ingress Port is part of the Filter.    -   Data Offset 1—7 bits long—Data Offset 1—The 7 bit data offset is        used to set the Data Mask for 8 bytes of Data 1 anywhere in        first 128 bytes of the packet.    -   Data Offset 2—7 bits long—Data Offset 2—The 7 bit data offset is        used to set the Data Mask for 8 bytes of Data 2 anywhere in        first 128 bytes of the packet.    -   Data Offset 3—7 bits long—Data Offset 3—The 7 bit data offset is        used to set the Data Mask for 8 bytes of Data 3 anywhere in        first 128 bytes of the packet.    -   Data Offset 4—7 bits long—Data Offset—The 7 bit data offset is        used to set the Data Mask for 8 bytes of Data 4 anywhere in        first 128 bytes of the packet.    -   No Match Action—13 bits long—No Match Action—This field is valid        only if the No Match Action Enable Bit is set to 1. No Match        Action is applied only if the filter does not match any of the        Entries in the Rules Table. The following Actions are defined:        Bit 0—If this bit is set then change 802.1p Priority in the        packet. the Priority is picked up from the 802.1p priority        field. Bit 1—If this bit is set then categorize this packet to        send on priority COS Queue, but don't modify the 802.1p priority        field in the packet tag header. Again the priority is picked up        from the 802.1p Priority field. Bit 2—If this bit is set then        change IP TOS Precedence in the IP Header. The new TOS        Precedence value is picked up from the TOS_P field. Bit 3—if        this bit is set then send the packet to CPU. Bit 4—if this bit        is set then discard the packet. Bit 5—If this bit is set then        select the output port from the Port Field. If the Packet is a        Broadcast, Multicast or a DLF then this action is not applied.        Bit 6—If this bit is set then the packet is sent to the        “Mirrored-To” port. Bit 7—is a reserved bit. Bit 8—If this bit        is set then the value of 802.1p Priority field is picked up from        the TOS Precedence field in IP header. (TOS_P->COS). Bit 9—If        this bit is set then the value of TOS Precedence field in IP        header is picked up from the 802.1p Priority field.        (TOS_P->COS). Bit 10—If this bit is set then the value of        Differentiated Services (DS) is picked up from Differentiated        Services Field. Bit 11—if this bit is set, then select the        output port and output module id from the filter mask        independent of packet type. Bit 12—reserved.    -   NMA Enable—1 bit long—No Match Action Enable—If this bit is set        then No Match Action field is a valid field. Also the way the        search is done in the Rules Table is slightly different.    -   802.1p Priority Bits—3 bits long—802.1p Priority Bits—The value        in this field is used to assign the priority to the packet. The        802.1p standard define 8 levels of priorities from 0 to 7. The        field is used only if bit 0 or bit 1 of Action Field is set.    -   TOS_P field—3 bits long—TOS_P field—The value in this field is        used to assign the new value to TOS Precedence field in the IP        Header. This field is used only if bit 2 of Action Field is set.    -   Differentiated Services—6 bits long—Differentiated Services—The        value in this field is used to assign the new value to the        Differentiated Services Field in IP Header.    -   Output Port—6 bits long—This field identifies the output Port        Number. This port overrides the egress port selected by ARL.    -   Output Module Id—5 bits long—This field identifies the output        Module Number. The output Module, output Port combination        overrides the Egress Port, Module Id selected by ARL. This field        is valid only if Remote Port Bit is set.    -   Remote Port Bit—1 bit long—If this bit is set then the Egress        Port is on the Remote Module and the Port is identified by the        Output Module Id and Output Port combination.    -   Filter Enable Bit—1 bit long—If this bit is set then the Filter        is Enabled.    -   Counter—5 bits long—Counter Index—this is the counter, which        needs to be incremented.

FIG. 22 is a flow chart which illustrates filtering in SOC 10 in a firstembodiment, using FFP 141 and the filtering configuration discussedabove. An incoming packet coming in to an ingress of an EPIC 20 or GPIC30 is subjected to address resolution through the address resolutionlogic shown at step 22-1. After the address resolution is completed, FFP141 selectively parses the packet of step 22-2 and obtains the values ofpreselected fields associated with the packet. Depending upon the typeof packet, whether it be Ethernet type II, 802.3, IP, IPX, TCP, UDP,etc. the fields listed above may also be extracted in the parsingprocess. A field value is constructed at step 22-3 by concatenating theextracted fields in the same order as listed in the field mask,including the ingress port and egress port. If the egress port is notdetermined or known, then the port value is set to an invalid value thatcan be, for example, 0x3f. At step 22-4, logic 1411 goes through allfilters which have the filter enable bit set, and applies the maskportion of the filter to the field. The result of this operation isconcatenated at step 22-5 with the filter number to generate a searchkey. The search key is used to search for a match to the key in rulestable 22 at step 22-6. If the no match action (NMA) bit is set to zero,then the filter is considered to be an inclusive filter. For inclusivefilters, as will be discussed below, there should be an exact match inorder to execute the actions defined in the rules table entry. If thereis not an exact match, then no action is taken for that particularfilter. If the NMA bit is set to one, then the filter is an exclusivefilter. This process is repeated for each individual filter until allselected filters have been applied to the packet.

When a binary search is performed on rules table 22, additionalcomparison is done using filter select, source port, and destinationport fields to determine if a partial match exists. If there is a fullmatch, then the actions from the matched rules table entry are applied.If there is no full match but there is a partial match, then actionsfrom the “no match action” field in the filter mask are applied at step22-7. If there is no full match and no partial match, then no filteraction is taken.

Rules table 22 is completely programmable by CPU 52 through CMIC 40. Therules table can be, as an example, 256 entries deep. The entries in therules tables, again as an example, are stored in ascending order withfilter value+egress port+egress module id+ingress port+filter select asthe key. The ingress port or egress port is set only if there is anintention to do the filtering on a per port basis, and in that case theassociated ingress and/or egress mask should be set to theaforementioned invalid value of 0x3F.

The FFP configuration enhances the handling of real time traffic sincepackets can be filtered and action can be taken on the fly. Without FFP141, the packet would need to be transferred to the CPU for appropriateaction to be interpreted and taken. For inclusive filters, if there is afilter match, action is taken, and if there is no filter match, noaction is taken; however, packets are not dropped based on a match or nomatch situation for inclusive filters.

FIG. 23 illustrates an example of a format for rules table 22. Thefields of this rules table are as follows:

-   -   Filter Value—512 bits long—For every incoming packet the Filter        Mask is applied and the result is compared with the Filter        value. Since the incoming packet itself is typically in Big        Endian Format the Filter value should be set up in Bit Endian        Format.    -   Ingress Port—6 bits long—Ingress Port Number: This field is set        only if one is setting this filter on a specific ingress port.        If this field is set then the Ingress Port Mask in the Filter        Register should be set.    -   Egress Port—6 bits long—Egress Port Number: This field is set        only if one is setting the filter on a specific egress port. if        this field is set then the Egress Port Mask in the Filter        Register should be set. In case of Broadcast, Multicast or DLF,        the Filtering Mechanism should use invalid port number (0x3f) so        that there is no match on the entry.    -   Egress Module Id—5 bits long—Egress Module Id—This field is set        only if one is setting the filter on a specific egress        port+Module Id. If this field is set then the Egress Port        Mask+Egress Module Id in the Filter Register should be set. In        case of Broadcast, Multicast or DLF, the Filtering Mechanism        should use invalid port number (0x3f) so that there is no match        on the entry. Note: Remote Egress Port is a combination of        Egress Port+Module Id. The only way to invalidate the Remote        Port is to use an invalid Port Number.    -   Filter Select—3 bits long—Filter Select—These bits are used to        identify the Filter Number, which is used to match these        entries.    -   Action Bits—14 bits long—Action Bits defines the actions to be        taken in case of the matched entry. Bit 0—If this bit is set        then change 802.1p Priority in the packet. The Priority is        picked up from the 802.1p priority field. Bit 1—If this bit is        set then categorize this packet to send on priority COS Queue,        but don't modify the 802.1p priority field in the packet tag        header. Again the priority is picked up from the 802.1p Priority        field. Bit 2—If this bit is set then change IP TOS Precedence in        the IP Header. The new TOS Precedence value is picked up from        the TOS_P field. Bit 3—if this bit is set then send the packet        to CPU. Bit 4—if this bit is set then discard the packet. Bit        5—if this bit is set then select the output port and output        module id from the Rule entry. If the Packet is a Broadcast,        Multicast or a DLF then this action is not applied. Bit 6—If        this bit is set then the packet is sent to the “Mirrored-To”        port. Bit 7—If this bit is set then increment the counter        indicated in the counter value. The counter index is picked up        from the counter field. Up to 32 counters are supported. Bit        8—If this bit is set then the value of 802.1p Priority field is        picked up from the TOS Precedence field in IP header.        (TOS_P->COS). Bit 9—If this bit is set then the value of TOS        Precedence field in IP header is picked up from the 802.1p        Priority field. (COS->TOS_P). Bit 10—If this bit is set then the        value of Differentiated Services (DS) is picked up from        Differentiated Services Field. Bit 11—if this bit is set, then        select the output port and output module id from the Rule entry.        Bit 12—Reserved. Bit 13—if this bit is set, then the packet is        not dropped. If bit 4 and bit 13 are both set, then the packet        is not dropped.    -   802.1p Priority Bits—3 bits long—The value in this field is used        to assign the priority to the packet. The 802.1p standard        defines 8 levels of priorities from 0 to 7. The field is used        only if bit 0 or bit 1 of Action Field is set.    -   Differentiated Services—6 bits long—Differentiated Services—The        value in this field is used to assign the new value to the        Differentiated Services Field in the IP Header.    -   TOS_P field—4 bits long—The value in this field is used to        assign the new value to TOS Precedence field in the IP Header.        This field is used only if bit 2 of Action Field is set.    -   Output Port—6 bits long—Output Port—This field identifies the        Output Port Number. This port overrides the egress port selected        by ARL.    -   Output Module Id—5 bits long—Output Module Id—This field        identifies the output Module Number. The output Module, output        Port combination overrides the Egress Port, Module Id selected        by ARL. This field is valid only if Remote Port Bit is set.    -   Counter—5 bits long—Counter Index is the counter, which needs to        be incremented.

In other words, a logical AND operation is performed with the filtermask, having the selected fields enabled, and the packet. If there is amatch, the matching entries are applied to rules tables 22, in order todetermine which specific actions will be taken. Since there are alimited number of fields in the rules table, and since particular rulesmust be applied for various types of packets, the rules tablerequirements are minimized by setting all incoming packets to be“tagged” packets; all untagged packets, therefore, are subject to 802.1Qtag insertion, in order to reduce the number of entries which arenecessary in the rules table. This action eliminates the need forentries regarding handling of untagged packets. It should be noted thatspecific packet types are defined by various IEEE and other networkingstandards, and will not be defined herein.

As noted previously, exclusive filters are defined as filters whichexclude packets for which there is no match; for excluded packets,actions associated with exclusive filters are taken. With inclusivefilters, however, inclusive actions are taken. If there is a match,action is taken as discussed above; if there is no match, no action istaken and the packet proceeds through the forwarding process. Referringto FIG. 15, FFP 141 is shown to include filter database 1410 containingfilter masks therein, communicating with logic circuitry 1411 fordetermining packet types and applying appropriate filter masks. Afterthe filter mask is applied as noted above, the result of the applicationis applied to rules table 22, for appropriate lookup and action. Itshould be noted that the filter masks, rules tables, and logic, whileprogrammable by CPU 52, do not rely upon CPU 52 for the processing andcalculation thereof. After programming, a hardware configuration isprovided which enables linespeed filter application and lookup.

Referring once again to FIG. 14, after FFP 141 applies appropriateconfigured filters and results are obtained from the appropriate rulestable 22, logic 1411 in FFP 141 determines and takes the appropriateaction. The filtering logic can discard the packet, send the packet tothe CPU 52, modify the packet header or IP header, and recalculate anyIP checksum fields or takes other appropriate action with respect to theheaders. The modification occurs at buffer slicer 144, and the packet isplaced on C channel 81. The control message and message headerinformation is applied by the FFP 141 and ARL engine 143, and themessage header is placed on P channel 82. Dispatch unit 18, alsogenerally discussed with respect to FIG. 8, coordinates all dispatchesto C channel, P channel and S channel. As noted previously, each EPICmodule 20, GPIC module 30, MMU 70, IPIC 90, etc. are individuallyconfigured to communicate via the CPS channel. Each module can beindependently modified, and as long as the CPS channel interfaces aremaintained, internal modifications to any modules such as EPIC 20 ashould not affect any other modules such as EPIC 20 b, GPICs 30, or IPIC90.

As mentioned previously, FFP 141 is programmed by the user, through CPU52, based upon the specific functions that are sought to be handled bythe FFP. Referring to FIG. 17, it can be seen that in step 17-1, an FFPprogramming step is initiated by the user. Once programming has beeninitiated, the user identifies the protocol fields of the packet whichare to be of interest for the filter, in step 17-2. In step 17-3, thepacket type and filter conditions are determined, and in step 174, afilter mask is constructed based upon the identified packet type, andthe desired filter conditions. The filter mask is essentially a bit mapwhich is applied or ANDed with selected fields of the packet. After thefilter mask is constructed, it is then determined whether the filterwill be an inclusive or exclusive filter, depending upon the problemswhich are sought to be solved, the packets which are sought to beforwarded, actions sought to be taken, etc. In step 17-6, it isdetermined whether or not the filter is on the ingress port, and in step17-7, it is determined whether or not the filter is on the egress port.If the filter is on the ingress port, an ingress port mask is used instep 17-8. If it is determined that the filter will be on the egressport, then an egress mask is used in step 17-9. Based upon these steps,a rules table entry for rules tables 22 is then constructed, and theentry or entries are placed into the appropriate rules table (steps17-10 and 17-11). These steps are taken through the user inputtingparticular sets of rules and information into CPU 52 by an appropriateinput device, and CPU 52 taking the appropriate action with respect tocreating the filters, through CMIC 40 and the appropriate ingress oregress submodules on an appropriate EPIC module 20 or GPIC module 30.

In another embodiment of the invention, the filtering logic is modifiedfrom the previous embodiment. In this embodiment, which is backwardcompatible in implementation with that which is previously discussed,four 16 byte fields are specifically defined within the packet header,each of these fields having their own configurable offset. These four 16byte fields are combined to form the previously mentioned 64 byte/512bit field mask. However, in this embodiment the offsets are configuredin such a way that the filter mask can effectively look into the packetheader up to 120 bytes deep. Although FIG. 20 illustrates that asubstantial portion of the relevant filtering information is containedwithin the first 64 bytes of the packet header, when product andtechnology innovation renders bytes 64 to 120 of the packet header to beof substantial relevance to filtering, the present invention will beconfigured to filter using this header format.

As stated above, the 64 byte packet key is split up into a predeterminednumber of subfields. As an example, the 64 byte packet key can be splitup into 4 16 byte subfields. Each subfield has a 3 bit mask associatedtherewith that indicates a multiple of 8 bytes to offset for eachsubfield, as shown in FIG. 31. Therefore, for example, if the first 64bytes of the packet are of interest, then an offset field of 000 wouldbe used for all four of the 16 byte subfields. This would cause thefirst offset to capture/review the 16 bytes beginning with byte 0 andcontinuing through byte 15. The second offset would capture the 16 bytesbeginning with byte 16 and continuing through byte 31, and in similarfashion, the third offset would capture bytes 32 through 47, and thefourth offset would capture bytes 48 through 63, thereby including theentire first 64 bytes. As a second example, if the offsets were set asfirst offset 001, second offset 011, third offset 100, and fourth offset110, then the subfields would be defined as follows. The first offset of001 would define the first subfield as beginning with byte number 8 inthe packet header and continuing for 16 bytes through byte 23. Thesecond offset of 011 would define the second subfield as beginning atbyte 40 and continuing for 16 bytes through byte 55. The third offset of100 would define the third subfield as beginning with byte 64 andcontinuing through byte 79. Finally, the fourth offset of 110 woulddefine the fourth subfield as beginning at byte 96 and continuingthrough byte 111. Thereafter, the 4 individual 16 byte subfields createdthrough the application of the four offsets are concatenated into asingle 64 byte field value. Again, the concatenation of the field valuemust include the ingress port, egress port, and the egress module idfields. If the egress module id or the egress port fields are notdetermined, then these fields are again set to an invalid value, such as0 x3f. The filter logic then goes through goes through all of thefilters that are set and applies the mask portion of the filter to thefield value and filter mask. The result of this operation is againconcatenated with the filter number to generate the search key, which isthen used to search for a match in the rules tables 22. If all of the nomatch action bits are set to 0, then the filter is considered to be aninclusive filter, which indicates that there must be an exact match inorder to execute the actions defined in the rules table entry. If thereis anything less than a full match, then no action is taken under aninclusive filter. However, if at least one of the action bits are set to1, then the filter is considered to be an exclusive filter.

In executing actions from the rules table entries and no match actionsfrom the filter, specific rules are followed in order to insure properfiltering and action execution. The relevant rules to execute actionsfrom rules table entries and no match actions from filters are asfollows.

-   -   When a binary search is done in the rules table, additional        comparison is done using {filter select+egress module id+ingress        port+egress port} fields to determine a partial match    -   A full match occurs when the filter select+egress module        id+ingress port+egress port+packet format+filter value matches        an entry in the rules table. Therefore, if there is a full        match, then the associated actions from the matched rules table        entry are applied.    -   If there is no full match and no partial match, then no action        is taken.    -   If there is no full match, but there is a partial match, then        the actions from the no match actions field are applied. This no        match action is derived from the filter mask field.    -   If there is a partial match with a filter, actions associated        with the filter mask are taken. If there is a full match with a        higher filter value, then the actions associated with the rule        entry are taken. If a particular action bit is set by the no        match action field and the full match on another filter mask        does not set the same action bit, then the action is taken, as        the partial match and full match are on different filters.    -   If there is a partial match and a full match, the counters are        updated only for the full march according to the rules table. If        there is only a partial match, then the counters are updated        according to action in the filter mask. If all of the filters        have a full match in the rules table and the action is to        increment the same counter, then the counter is incremented only        once. If all of the filters have a partial match and the action        is to increment the same counter, then the counter is        incremented only once.        Packet Flow Control

In conjunction with the filtering functions, the configuration of SOC 10enables a traffic conditioning function, which can meter, shape, police,drop, and/or remark data packets as necessary, to ensure that thepackets or data traffic entering the differentiated services (diffserv)domains conform to predetermined requirements for the particularimplementation. Metering functions generally measure the temporalproperties, generally the rate or flow, of the stream of packetsselected by a classifier. In the present invention a rate counter fieldfor a codepoint in diffserv-to-COS mapping table is incremented everytime a packet comes into the switch with that particular codepoint, thusallowing a rate of traffic to be determined. A shaping function servesto delay some or all of the packets in a traffic stream in order tobring the traffic stream into compliance with a predetermined trafficprofile. The present invention implements a shaping functionality foreach COS queue, which is handled by the COS manager on each individualegress. The dropping function of the metering logic is responsible fordiscarding some or all of the packets in a data stream in order to bringthe data stream into compliance with a predetermined traffic profile.Put simply, if the aforementioned rate counter for a specific code pointvalue exceeds the rate counter threshold set in the diffserv-to-COStable, then the option is provided, using the new codepoint actionsbits, to drop the packet from the date stream. The re-marking functionallows the codepoint of a packet to be reset depending on thecharacteristics of the traffic profile. The re-marker may be configuredto re-mark all packets to a single codepoint, or it may be configured tomark a packet to one of a set of codepoints. Specifically, if theaforementioned rate counter for a codepoint exceeds the rate counterthreshold in the diffserv-to-COS table, then the option is provided,using the new codepoint action bits, to remark the codepoint and selecta new COS queue for the packet, in addition to changing the 802.1ppriority of the packet, both of which will have a direct impact uponflow threshold of the packet.

Although the present invention provides multiple packet flow controlalternatives, metering is generally provided by the counter field ofrules table 22. Using the counter and the COS queues, packets in aparticular traffic stream can be delayed as necessary in order to bringthe traffic stream into compliance with the desired traffic profile.This can be controlled through the use of COS manager 133 andtransaction fifo 132, as illustrated in FIG. 13. Packet pointers thatdepend upon the differentiated services code point (DSCP) are placed inone of the COS queues in transaction fifo 132, and scheduler 134 picksup the next packet depending upon the priority determination of COSmanager 133. Queue scheduling algorithms can be programmed into COSmanager 133 as appropriate for a particular application. Strict prioritybased scheduling can be implemented, wherein packets in the highpriority COS queue are taken up first for transmission. However, thiscan result in starvation of low priority COS queues. An option forresolving this difficulty, therefore, is implementing a weightedpriority based scheduling scheme, wherein a minimum bandwidth isprovided to all COS queues, so that no queue gets starved as a result ofpriority allocation. Bandwidth is a programmable parameter in COSmanager 133, and can be programmed based upon the switch application.Realtime applications can be implemented through a Maximum AllowableLatency Parameter, which enables COS manager 133 to schedule packettransmission such that packets on a particular COS queue are not delayedfor more than a maximum allowable latency time.

Metering Using DSCP

The general flow of an incoming packet as it goes through the variousfunctions of SOC 10 relative to differentiated services is shown in FIG.45. In one embodiment of the present invention, a differentiatedservices enhancement to the Internet protocol is used to enable scalableservice discrimination without the need for per flow state and signalingoperations at every hop. Therefore, a variety of services may be builtfrom a small, well-defined set of building blocks that are alreadydeployed within the network switch configuration. Differentiatedservices can be constructed by a combination of: first, setting bits inthe IP header field at network boundaries; second, using those bits todetermine how packets are forwarded by the nodes within the network; andthird, by conditioning the marked packets at network boundaries inaccordance with predetermined requirements or rules of service. Thepresent invention uses the differentiated services code point toclassify and forward traffic entering the switch based uponpredetermined policies directly related to the DSCP, which are discussedbelow.

In this embodiment, packet classification selects packets in a trafficstream based on the contents of specific fields in the packet protocolheader. In the differentiated services architecture there are two typesof packet classifiers: first, multi-field classifiers; and secondbehavior aggregate classifiers. Multi-field classifiers classify thepackets entering the switch based upon the contents of specific fieldsin the protocol header. The specific fields of interest are as follows:

-   -   1) Source IP Address    -   2) Destination IP Address    -   3) DS Field    -   4) Protocol ID    -   5) Source TCP Port    -   6) Destination TCP Port    -   7) Source UDP Port    -   8) Destination UDP Port    -   9) Incoming Interface Number    -   10) Application Type, eg. Telnet, HTTP, FTP, RTP, RTCP, etc.

In using multi-field classifiers, SOC 10 uses FFP mechanism 141 toimplement the multi-field (MF) classifications, which are accomplishedat the network boundaries. MF classifier capability is implemented usingthe FFP 141 engine, wherein the filter mask and the corresponding rulestable are programmed as per the corresponding Differentiated servicesrelated policies to assign a new code point or the change the codepointof the packet. The same rules entry can be used to change 802.1ppriority of the packet, depending on the particular policy.

Alternatively, when a behavior aggregate (BA) classifier is used, thepackets are classified using the DSCP only, and the BA classifiers arein switches that are deployed not only on the DS domain boundaries, butalso within the DS domain itself. The BA classifier is implementedwithin the ingress logic. Although numerous more complex packetclassifiers and policies can be defined per the agreement between acustomer and service provider, the following table is exemplary ofpacket classification.

Code Priority Application Point Field Routing Protocol Traffic R0 7 VOIPPackets X1 7 or 6 Streaming Audio X2 6 Streaming Video X3 6 or 5 TelnetX4 4 HTTP, Secure HTTP X5 4 or 3 FTP and other Data transfer TypeApplications 00 0 Any Packets originating from Source IP Address Y1 6 or5 a.b.c.d Any Packets destined to IP Address a.b.c.d Y2 6 or 5 PacketFlows between networks e.f.g.h to i.j.k.l Y3 4 or 3 HTTP traffic toDestination Network i.j.k.l Z1 0 Streaming video to Destination Networkm.n.o.p Z2 3 Traffic coming from Network p.q.r.s with DS Code A4 0 PointA1, A2 or A3Specifically, if the DS field in the incoming packet is non-zero, thenthe ingress logic gets the COS queue value from the DS field using thediffserv-to-COS mapping table shown in FIG. 30. The following fields areshown in FIG. 30 and detailed below.

-   -   COS Queue Value—3 bits long—COS Queue value used when sending        the Packet to the Egress Port.    -   Change Priority Field (CPF) Bit—1 bit long—If CPF Bit is set        then the 802.1p Priority Field in the Packet is changed to a new        Priority. The new priority field is picked up from ‘802.1p        Priority’ Field.    -   New Codepoint Action (NCA) Bits—2 bits long—New Codepoint        Actions are taken only if the Rate Counter exceeds the Rate        Counter Threshold. Value 00—No Action. Value 01—Assign a new        Codepoint. The new codepoint value is picked up from “New        Codepoint” Field. Value 02—Assign a new codepoint and also        change the 802.1p Priority of the Packet. New 802.1p Priority        field is picked up from “New 802.1p Priority” Field. Value        03—Drop the incoming Packet.    -   802.p Priority—3 bits long—This priority field is used only if        the CPF bit is set.    -   Rate Counter—12 bits long—This counter is incremented every time        a packet arrives with this Codepoint. This counter is reset        every 1 ms.    -   Rate Counter Threshold—12 bits long—is expressed as number of        packets per 1 ms. If the rate counter exceeds this threshold        then the packet is a candidate for new codepoint.    -   Rate Discard Threshold—12 bits long—Rate Discard Threshold is        expressed in number of packets per 1 ms. If Rate Discard        Threshold is exceeded then the packets are discarded if the NCA        bit value is set to 03.    -   New Codepoint—6 bits long—If the Rate Counter exceeds the Rate        Counter Threshold and the NCA Bit value is 01 then New Codepoint        value is picked up from this field.    -   New COS Queue—3 bits long—If the Rate Counter exceeds Rate        Counter Threshold and the NCA Bit value is 01 then New COS Queue        value is picked up from this field.    -   New 802.1p Priority—3 bits long—If the Rate Counter exceeds Rate        Counter Threshold and the NCA Bit value is 02 then New 802.1p        Priority value of the packet is picked up from this field.

The mapping table shown above also offers the option of modifying the802.1p priority field of the incoming packet. For any packet, eventagged or priority tagged packets with an 802.1p priority field, the COSqueue value selected as a result of differentiated services mappingtables takes precedence over the priority selected from the 802.1ppolicies.

A flowchart of the differential services logic, which represents thepredetermined policies associated with the DSCP, is shown in FIG. 46.The flowchart of the differentiated services logic begins at step 46-1,where the logic looks to see if the packet is an IP packet and if thepacket type is 4. If not, then the logic continues to step 464, whichwill be further detailed herein; if so, then the logic proceeds to step46-2, where, if FFP_DSCP is set, then the value of DSCP from FFP isused. If FFP_DSCP is not set, and the DSCP flag is set to 1, then theassigned DSCP value is used to index into the DiffServ table, else theDSCP value from the IP header is used. After executing the appropriateaction at step 46-2, then the logic continues to step 46-3, where it isdetermined whether the rate counter is less than or equal to the DSCPthreshold value. If the rate counter is not greater than or equal to theDSCP Discard threshold, then the flow logic continues to step 46-9. Ifthe rate counter is greater than or equal to the DSCP discard threshold,then the logic continues to step 46-5, where it is determined if the DFvalue is 1. If the DF value is 1, then portbitmap is set to 0, and if CState or a copy of the packet should go to the CPU, then the portbitmapis set to 1, much less than CPU, and the logic skips to step 46-4. If DFvalue is not equal to 1, then the logic continues to step 46-7, where itis determined if the DF value equals 2. If the DF value is found toequal 2, then the CNG bit is set in the P Channel and the logiccontinues to step 46-9. If the DF value is not equal to 2, then thelogic continues directly to step 42-9 without modification of the CNGbit. At step 46-9 the logic determines is the DSCP rate counter is lessthan or equal to the DSCP re-mark threshold. If so, then the logiccontinues to step 46-10, while if not, then the logic continues to46-11. At step 46-10 the logic determines if the RMF value equals 0 or3. If so, then the logic continues to step 46-11, while if not, then thelogic checks to see if the RMF value equals 2 at step 46-12. If the RMFvalue equals 2, then the logic gets the 802.1p priority from the NewDSCP assigned 802.1p priority field. If the RMF value does not equal 2,then the logic proceeds directly to step 46-17 without modification ofthe priority. At step 46-17, the DSCP field is changed to the New DSCPfield, the IP checksum is recalculated, the CRC is regenerated. Uponcompletion of these actions, the logic continues to step 46-4.

Returning to step 46-10, if the RMF value is not equal to 0 or 3, thenthe logic continues to step 46-11, where the logic checks to see if theNP value equals 1×. If so, then the logic gets the 802.1p packetpriority from the 802.1p priority field before continuing to step 46-18.If the NP value is not found to be equal to 1× at step 46-11, then thelogic checks to see if the NP value equals 1 at step 46-15. If the NPvalue equals 1, then the logic picks up the COS queue value from theDSCP priority queue before continuing to step 46-18. If the NP value isnot equal to 1 at step 46-15, then the logic continues directly to step46-18 without modification of the COS queue. At step 46-18, if theFFP-DSCP equals 1 or the DSCP-flag equals 1, then the DSCP field ischanged, the IP checksum is recalculated, and the CRC is regenerated. Inthis step, the DSCP field will come from the FFP logic if FFP_DSCPequals 1, if not, then the value will come from the DSCP logic. Uponcompletion of these actions, the DSCP logic continues to step 46-4.

FIG. 47 shows a detailed flowchart of the logic contained within step42-4 of FIG. 42. At step 47-1 the logic gets the PortBitmap and conductsa logical “and” operation with this value and the forwarding portregister, while also “anding” this value with the active port registercorresponding to the COS queue selected, after going through the COSmapping using the COS mapping using the COS Select Register. This valueis also “anded” with the HOL Register value, which corresponds to ActivePort Register 8, to get the PortBitmap at this step. The logic alsolooks at the M bits of the port based VLAN at this step. Upon completionof the actions of step 47-1, the logic continues to step 47-2, where thelogic checks to see if the ingress port is mirrored, that is if the Mbit is 0, or if the stack link and the M bit is set. If so, then thepacket is sent to the according mirrored port at step 47-3, while ifnot, then the logic continues to step 47-4 without taking any mirrorport action. At step 47-4 the logic checks to see if the mirroring isbased upon filter logic. If so, then the packet is sent to theappropriate mirrored port at step 47-5, while if not, then the logiccontinues to step 47-6 without taking any mirrored port action. At step47-6 the logic checks to see if the egress port is mirrored by lookingat the egress mirroring register. If the egress port is mirrored, thenthe packet is sent to the mirrored port before continuing to step 47-8.If the packet is not mirrored, then the logic simply continues directlyto step 47-8 without taking any mirror port action. Step 47-8 continueswith the mirror port logic, and therefore, will not be discussed indetail. Nonetheless, at this stage of the logic the DSCP has beenaccordingly modified such that the packet flow can be appropriatelyshaped and/or metered upon egress.

Metering Using Meter ID

In another embodiment, the packet flow control logic is folded into thefiltering logic, and therefore, the packet flow control logic operatesin conjunction with the filtering. In this embodiment, thefiltering/flow logic operates in three stages: first, the logic takesactions that are independent of the packet profile, that is the actionsdo not depend on the classification of the packet as in-profile orout-profile; second, the filtering/flow logic picks up the meterid,which is a 6 bit number associated with the packet that is stored in therules table, and takes any appropriate in-profile actions that are set;and third, the filtering/flow logic takes any appropriate out-profileactions. Beginning with the profile independent actions, uponapplication of each individual filter mask, which is generallyundertaken in ascending numerical order, a determination is made by thefiltering/flow logic as to whether there is a matching rule, as shown inFIG. 32. This determination essentially determines whether or not thereis a full match, as previously defined, which is shown in FIG. 32 asstep 32-1. If it is determined that there is a full match for theparticular mask at step 32-1, then the first action bit is checked atstep 32-2. If a full match is not determined at step 32-1, then thelogic determines whether or not there is a partial match for the mask atstep 32-3. If a partial match is found at step 32-3, then the logiccontinues through the partial match method, which is illustrated in FIG.33 and will be further discussed below. Returning to step 32-2, if it isdetermined that bit 1 of the action bits is set, then the class ofservice is selected from this rule entry at step 324. If bit 1 of theaction bits is not set, then the logic continues to step 32-5 and checksto see if bit 0 of the action fields is set. If bit 0 is set, then theclass of service for this entry is obtained from the rule entry, thepacket is modified for priority tagged field, and the regenerate CRC bitis set at step 32-5. If bit 0 is not set, then the logic continues tostep 32-6, which generally represents the beginning of the flow controllogic, and the end of the profile-independent actions, as action bit 0and action bit 1 are independent actions from flow control. Put simply,the profile independent actions are taken at steps 32-1 through 32-5,and beginning at step 32-6, the profile dependent actions begin. At step32-6, the meter id for the particular mask is obtained from the rulestable. At step 32-7, the logic determines if the meter id obtained fromthe rules table is 0. If the meter id is 0, then the packet isautomatically judged to be in-profile, and the appropriate in-profileactions are immediately taken at step 32-8. If the meter id is not 0,then the logic indexes into the meter table with the meter id at step32-9 to determine the profile status of the packet. At step 32-10, uponindexing into the meter table, the logic determines if the packet is infact in-profile, and if so, then the in-profile actions of step 32-8 aretaken. If the packet is not determined to be in-profile, then by defaultthe packet is determined to be out-profile at step 32-11. Therefore,upon the determination that the packet is out-profile, the appropriateout-profile actions are taken at step 32-12.

The partial match actions discussed at step 32-3, which are part of theprofile independent actions, are further detailed in FIG. 33. If apartial match is not found at step 32-3, then the logic determines ifthere are any other masks to compare. If there are other masks tocompare, then the logic returns to step 32-1 in FIG. 32. If there are noother masks to compare, then the logic continues to check for mirroredport and final FFP actions, as shown in FIG. 34. If, however, a partialmatch is found at step 32-3, then the logic continues in FIG. 33 at step33-1. At step 33-1, the logic determines if bit 8 of the no match actionbits is set. If bit 8 of the no match action bits is set, then the logicpicks up the IEEE 802.1P priority values from the TOS precedence fieldin the packet header at step 33-2 and continues to step 33-3. If bit 8of the no match action bits is not set, then the logic continues todirectly to step 33-3 without action. At step 33-3, bit 9 of the nomatch action bits is checked. If bit 9 of the no match action bits isset, then the TOS precedence value is picked up from the IEEE 802.1ppriority field, the IP checksum is recalculated, and the regenerate CRCis set in the message. Thereafter, the logic continues to step 33-5. Ifno match action bit 9 is not set, then the logic simply continues tostep 33-5 without taking any action. At step 33-5, the logic checks tosee if bit 2 of the no match action bits is set. If bit 2 is set, thenthe logic replaces the TOS precedence field in the IP header with theTOS_P field from the filter mask, the IP checksum is recalculated, andthe regenerate CRC is set in the message. After taking these actions,the logic continues in FIG. 35 at step 35-1. If the No Match action bitis not set, then the logic simply continues to step 35-1 without takingany action.

FIG. 35 illustrates the continuation of the partial match action logic,which is again part of the profile independent actions, beginning withstep 35-1. At step 35-1 the logic checks to see if no match action bit 3is set. If the bit is set, then a copy of the packet is sent to the CPUand bit 0 of the CPU opcodes is set before proceeding to step 35-3. IfNo Match action bit 3 is not set, then the logic simply continues tostep 35-3 without taking any action. At step 35-3 the logic checks tosee if No Match action bit 6 is set. If no match action bit 6 is set,then a copy of the packet is sent to the mirrored port at step 354 andthe logic continues to step 35-5. If No Match action bit 6 is not set atstep 35-3, then the logic simply continues to step 35-5 without takingany action. At step 35-5, the logic checks to see if No Match action bit4 is set. If No Match action bit 4 is set, then the logic drops thepacket at step 35-6 and continues to step 35-7. If No Match action bit 4is not set at step 35-5, then the logic simply continues to step 35-7without taking any action. At step 35-7, the logic checks to see if bit5 of the No Match action bits is set. If No Match action bit 5 is set,then at step 35-8 the outport port and output module id from the fieldin the filter mask are set as the egress port and the egress module,along with the according set of the port bitmap. Thereafter, the logiccontinues to step 36-1, as shown in FIG. 36. If No Match action bit 5 isnot set, then the logic simply continues to step 36-1 without taking anyaction associated with No Match action bit 5.

FIG. 36 shows the continuation of the partial match logic, which isagain part of the profile independent actions, starting with step 36-1.At step 36-1, the logic checks to see if bit 1 of the No Match actionbits is set. If No Match action bit 1 is set, then the logic selects theCOS from the field in the filter mask at step 36-2 and continues to step36-3. If bit 1 of the No Match action bits is not set, then the logicsimply continues to step 36-3 without taking any action. At step 36-3,the logic checks to see if bit 0 in the No Match action bits is set. Ifbit 0 is set, then the logic gets the COS from the field in the filtermask, modifies the packet for the priority tagged field, sets theregenerate CRC bit, and then continues to step 36-5. If bit 0 is notset, then the logic simply continues to step 36-5 without taking anyaction associated with No Match action bit0. At step 36-5, the logicchecks to see if no match action bit 10 is set. If bit 10 is set, and ifthe TOS has not been modified by a higher filter mask, then at step 36-6the DSCP is picked from the in-DSCP field of the filter mask, the IPchecksum is recalculated, and the regenerate CRC bit is set in themessage. After taking these actions, and if bit 10 of the No Matchaction bits is not found to be set at step 36-5, then the logiccontinues to step 36-7. At step 36-7, the logic checks to see if bit 11of the No Match action bits is set. If bit 11 is set, then the logicselects the output port and the output port module from the filter maskas the egress port and the egress module t step 36-8. Further, the portbitmap is accordingly set at step 36-8. If bit 11 is not found to be setat step 35-7, or if the No Match actions for bit 11 are taken, then thelogic continues by checking if there are any more masks to compare, andif so, by beginning with step 33-1 for the next mask and repeating eachof the above mentioned steps. If there are no more masks to compare,then the logic continues to step 43-1, as shown in FIG. 43.

At step 43-1 the port bitmap is set to 0 if the packet is to be droppedbased upon actions to be taken, as determined by the filtering process.At step 43-2 the logic gets the port bitmap and “AND's” this value withforwarding port register and “AND's” this with the active port registercorresponding to the COS queue selected after going through the COSmapping using COS select register and “AND'ed” with the HOL register toget the egress port bitmap. Additionally, at step 43-2 the logic looksat the M bits of the port based VLAN table before continuing to step43-3. At step 43-3 the logic determines if the ingress port is mirrored,which corresponds to M bit 0, or if the stack link and M bits are set.If so, then the packet is sent to the mirrored port at step 43-4 beforecontinuing with the logic at step 43-5. If the bits are not set at step43-3, then the logic continues directly to step 43-5 without forwardingthe packet to the mirrored port. At step 43-5 the logic determines ifthe mirroring is based upon filtering logic. If not, then the logiccontinues directly to step 43-7. If so, then the logic again sends thepacket to the mirrored port prior to proceeding to step 43-7. At step43-7 the logic determines if the egress port is mirrored from reviewingthe egress mirroring register. If the egress mirroring port registerdictates, then the packet is sent to the mirrored port. If not, then thelogic continues through the mirroring processes designated by block M,which will not be discussed in detail herein.

Once all of the profile independent actions are taken, then the logiccontinues through the profile dependent actions beginning with 32-8 inFIG. 32. At step 32-8, it has already been determined that the packet atissue is classified as in-profile, and as such, step 32-8 constitutespacket dependent actions. The specific in-profile actions noted in step32-8 are shown in greater detail beginning in FIG. 36. At step 34-1 inFIG. 34, the filtering/flow control logic checks in-profile action bit 8to see if this bit is set. If this bit is not set, then the logic simplycontinues to step 34-3 without taking any action on the packet. However,if the bit is set, then the logic takes the in-profile actionsassociated with this bit. Specifically, if bit 8 is set, then at step34-2 the logic picks the 802.1p priority value from the TOS precedencefield in the IP header and the regenerate CRC bit in the message is set.After taking these actions, the logic continues to step 34-3, where thelogic checks to see if in-profile action bit 9 is set. If the bit is notset, then the logic continues to step 34-5 without taking any action onthe packet. If bit 9 is set, then at step 34-4 the logic takes theappropriate in-profile actions associated with in-profile action bit 9.Specifically, at step 34-6 the TOS precedence value is picked up fromthe 802.1p priority field, the IP checksum is recalculated, andregenerate CRC bit is set in the message. Thereafter, the logiccontinues to step 34-5, where in-profile action bit 2 is checked. If bit2 is not set, then the logic continues, as shown in FIG. 37 at step37-1.

Step 37-1 shows the filtering/flow control logic checking to see ifin-profile action bit 3 is set. If not, then the logic continues to step37-3; if so, then the logic sends a copy of the packet to the CPU andsets bit 0 of the CPU Opcodes at step 37-2 before continuing to step37-3. At step 37-3, the filtering/flow logic checks in-profile actionbit 6. If this bit is not set, then the logic continues to step 37-5without taking action, however, if this bit is set, then a copy of thepacket is sent to the mirrored port at step 374 before continuing tostep 37-5. At step 37-5 the filter/flow control logic checks to see ifaction bit 4 is set. If bit 4 is set, then the packet is dropped at step37-6, however, the logic continues to check the remaining action bits.If bit 4 is not set, then the logic continues to step 37-7, where actionbit 5 is checked along with the destination port. If action bit 5 isset, and the destination port is set to 0x3f, the default invalid valueset by SOC 10, then select output port and output module id from therule entry as egress port and egress module, and set the port bitmapaccordingly. If action bit 5 and the destination port are not set to thedesired values, then the logic continues to step 37-9, where action bit7 is checked. If action bit 7 is set, then the counter indicated in thecounter field of the rule unless the counter was already incremented forthis packet by a previous action bit or rule at step 37-10. Thereafter,the logic continues to step 37-11, where action bit 10 is checked. Ifin-profile action bit 10 is set and TOS is not modified by a higherfilter mask, then the DSCP is picked from the in-DSCP field of the rulestable, the IP checksum is recalculated, and the regenerate CRC is set inthe packet at step 37-12. Thereafter the logic continues through thein-profile action bits, as illustrated in FIG. 42.

At step 42-1 the filtering/flow control logic checks in-profile actionbit 11 and the destination port address. If action bit 11 is set and thedestination port address equals 0x3f, then the outport port and theoutport module are selected from the rule entry as the egress port andthe egress module, and the port bitmap is updated accordingly, all instep 42-2. Upon completion of the actions associated with action bit 11,or if the action bit is not set, then the filtering/flow control logiccontinues to step 42-3. At step 42-3 the logic checks the in-profileaction bit 12. If the bit is set, the drop precedence bit is set to 1and the CNG bit in the P-Channel is set. After taking this action, or ifaction bit 12 is not set initially, then the logic continues to step42-5. At this step the filtering/flow control logic checks in-profileaction bit 13. If this bit is set, then the packet is dropped at step42-6. After dropping the packet, or if bit 13 is not set initially, thenthe logic continues to check any masks unchecked by repeating the logicsteps for the unchecked masks beginning at step 33-1.

Referring back to FIG. 32 at step 32-12, if the packet is judged to beout-profile, then the out-profile actions are taken in accordance withFIG. 44. The out-profile actions begin at step 44-1 where thefiltering/flow control logic checks to see if out-profile action bit 0is set. If this bit is set, then the packet is sent to ht CPU and bit 0of the CPU Opcodes is set before the logic continues to step 44-3. Ifout-profile action bit 0 is not set, then the logic continues to step44-3 without taking any action on the packet. At step 44-3 thefiltering/flow control logic checks to see if bit 1 of the out-profileaction bits is set. If this bit is set, then the packet is droppedbefore the logic proceeds through the remaining action bits. If bit 1 isnot set, then the logic simply proceeds to step 44-5 without taking anyaction. At step 44-5 the logic checks action bit 2, and if this bit isset then at step 44-6 the logic picks up the DSCP from the out-DSCPfield of the rule if the TOS is unmodified. The IP checksum is alsorecalculated at step 44-6, along with setting the CRC regenerate bit.After completing the actions associated with action bit 2, or if bit 2is not set, then the logic proceeds to step 44-7, where action bit 3 ofthe action field is checked. If the bit is set, then the drop precedencebit is set and the CNG bit in the P-channel is set at step 44-8. Aftertaking these actions, or if action bit 3 is not set initially, then thelogic proceeds to step 44-9, where bit 4 is checked. If bit 4 is set,then the packet is not dropped at step 44-10, despite previous actionbits. If bit 4 is not set, then any previously executed action bits thatwould drop the packet are not modified and the packet is allowed to bedropped. At step 44-11 the out-profile actions for one mask are completeand the logic determines if there are any other masks to compare. Ifthere are more masks, then the logic continues at step 32-1 in FIG. 32with the next mask. If there are no more masks to review, then the logiccontinues with step 43-1 in FIG. 43.

Generally speaking, it should also be noted that the block diagram ofSOC 10 in FIG. 2 illustrates each GPIC 30 having its own ARL/L3 tables31, rules table 32, and VLAN tables 33, and also each EPIC 20 alsohaving its own ARL/L3 tables 21, rules table 22, and VLAN tables 23.However, it is also contemplated within the present invention that twoseparate modules can share a common ARL/L3 table and a common VLANtable. Each module, however, generally has its own rules table 22. Forexample, therefore, GPIC 30 a may share ARL/L3 table 21 a and VLAN table23 a with EPIC 20 a. Similarly, GPIC 30 b may share ARL table 21 b andVLAN table 23 b with EPIC 20 b. This sharing of tables reduces thenumber of gates which are required to implement the invention, and makesfor simplified lookup and synchronization as will be discussed below.

Table Synchronization and Aging

SOC 10 utilizes a unique method of table synchronization and aging, toensure that only current and active address information is maintained inthe tables. When ARL/L3 tables are updated to include a new sourceaddress, a “hit bit” is set within the table of the “owner” or obtainingmodule to indicate that the address has been accessed. Also, when a newaddress is learned and placed in the ARL table, an S channel message isplaced on S channel 83 as an ARL insert message, instructing all ARL/L3tables on SOC 10 to learn this new address. The entry in the ARL/L3tables includes an identification of the port which initially receivedthe packet and learned the address. Therefore, if EPIC 20 a contains theport which initially received the packet and therefore which initiallylearned the address, EPIC 20 a becomes the “owner” of the address. OnlyEPIC 20 a, therefore, can delete this address from the table. The ARLinsert message is received by all of the modules, and the address isadded into all of the ARL/L3 tables on SOC 10. CMIC 40 will also sendthe address information to CPU 52. When each module receives and learnsthe address information, an acknowledge or ACK message is sent back toEPIC 20 a; as the owner further ARL insert messages cannot be sent fromEPIC 20 a until all ACK messages have been received from all of themodules. In a preferred embodiment of the invention, CMIC 40 does notsend an ACK message, since CMIC 40 does not include ingress/egressmodules thereupon, but only communicates with CPU 52. If multiple SOC 10switches are provided in a stacked configuration, all ARL/L3 tableswould be synchronized due to the fact that CPS channel 80 would beshared throughout the stacked modules.

Referring to FIG. 18, the ARL aging process is discussed. An age timeris provided within each EPIC module 20 and GPIC module 30, at step 18-1,it is determined whether the age timer has expired. If the timer hasexpired, the aging process begins by examining the first entry in ARLtable 21. At step 18-2, it is determined whether or not the portreferred to in the ARL entry belongs to the particular module. If theanswer is no, the process proceeds to step 18-3, where it is determinedwhether or not this entry is the last entry in the table. If the answeris yes at step 18-3, the age timer is restarted and the process iscompleted at step 18-4. If this is not the last entry in the table, thenthe process is returned to the next ARL entry at step 18-5. If, however,at step 18-2 it is determined that the port does belong to thisparticular module, then, at step 18-6 it is determined whether or notthe hit bit is set, or if this is a static entry. If the hit bit is set,the hit bit is reset at step 18-7, and the method then proceeds to step18-3. If the hit bit is not set, the ARL entry is deleted at step 18-8,and a delete ARL entry message is sent on the CPS channel to the othermodules, including CMIC 40, so that the table can be appropriatelysynchronized as noted above. This aging process can be performed on theARL (layer two) entries, as well as layer three entries, in order toensure that aged packets are appropriately deleted from the tables bythe owners of the entries. As noted previously, the aging process isonly performed on entries where the port referred to belongs to theparticular module which is performing the aging process. To this end,therefore, the hit bit is only set in the owner module. The hit bit isnot set for entries in tables of other modules which receive the ARLinsert message. The hit bit is therefore always set to zero in thesynchronized non-owner tables.

The purpose of the source and destination searches, and the overalllookups, is to identify the port number within SOC 10 to which thepacket should be directed to after it is placed either CBP 50 or GBP 60.Of course, a source lookup failure results in learning of the sourcefrom the source MAC address information in the packet; a destinationlookup failure, however, since no port would be identified, results inthe packet being sent to all ports on SOC 10. As long as the destinationVLAN ID is the same as the source VLAN ID, the packet will propagate theVLAN and reach the ultimate destination, at which point anacknowledgment packet will be received, thereby enabling the ARL tableto learn the destination port for use on subsequent packets. If the VLANIDs are different, an L3 lookup and learning process will be performed,as discussed previously. It should be noted that each EPIC and each GPICcontains a FIFO queue to store ARL insert messages, since, although eachmodule can only send one message at a time, if each module sends aninsert message, a queue must be provided for appropriate handling of themessages.

Port Movement

After the ARL/L3 tables have entries in them, the situation sometimesarises where a particular user or station may change location from oneport to another port. In order to prevent transmission errors,therefore, SOC 10 includes capabilities of identifying such movement,and updating the table entries appropriately. For example, if station A,located for example on port 1, seeks to communicate with station B,whose entries indicate that user B is located on port 26. If station Bis then moved to a different port, for example, port 15, a destinationlookup failure will occur and the packet will be sent to all ports. Whenthe packet is received by station B at port 15, station B will send anacknowledge (ACK) message, which will be received by the ingress of theEPIC/GPIC module containing port 1 thereupon. A source lookup (of theacknowledge message) will yield a match on the source address, but theport information will not match. The EPIC/GPIC which receives the packetfrom B, therefore, must delete the old entry from the ARL/L3 table, andalso send an ARL/L3 delete message onto the S channel so that all tablesare synchronized. Then, the new source information, with the correctport, is inserted into the ARL/L3 table, and an ARL/L3 insert message isplaced on the S channel, thereby synchronizing the ARL/L3 tables withthe new information. The updated ARL insert message cannot be sent untilall of the acknowledgment messages are sent regarding the ARL deletemessage, to ensure proper table synchronization. As stated previously,typical ARL insertion and deletion commands can only be initiated by theowner module. In the case of port movement, however, since port movementmay be identified by any module sending a packet to a moved port, theport movement-related deletion and insertion messages can be initiatedby any module.

Trunking

During the configuration process wherein a local area network isconfigured by an administrator with a plurality of switches, etc.,numerous ports can be “trunked” to increase bandwidth. For example, iftraffic between a first switch SW1 and a second switch SW2 isanticipated as being high, the LAN can be configured such that aplurality of ports, for example ports 1 and 2, can be connectedtogether. In a 100 megabits per second environment, the trunking of twoports effectively provides an increased bandwidth of 200 megabits persecond between the two ports. The two ports 1 and 2, are thereforeidentified as a trunk group, and CPU 52 is used to properly configurethe handling of the trunk group. Once a trunk group is identified, it istreated as a plurality of ports acting as one logical port. FIG. 19illustrates a configuration wherein SW1, containing a plurality of portsthereon, has a trunk group with ports 1 and 2 of SW2, with the trunkgroup being two communication lines connecting ports 1 and 2 of each ofSW1 and SW2. This forms trunk group T. In this example, station A,connected to port 3 of SW1, is seeking to communicate or send a packetto station B, located on port 26 of switch SW2. The packet must travel,therefore, through trunk group T from port 3 of SW1 to port 26 of SW2.It should be noted that the trunk group could include any of a number ofports between the switches. As traffic flow increases between SW1 andSW2, trunk group T could be reconfigured by the administrator to includemore ports, thereby effectively increasing bandwidth. In addition toproviding increased bandwidth, trunking provides redundancy in the eventof a failure of one of the links between the switches. Once the trunkgroup is created, a user programs SOC 10 through CPU 52 to recognize theappropriate trunk group or trunk groups, with trunk group identification(TGID) information. A trunk group port bit map is prepared for eachTGID; and a trunk group table, provided for each module on SOC 10, isused to implement the trunk group, which can also be called a portbundle. A trunk group bit map table is also provided. These two tablesare provided on a per module basis, and, like tables 21, 22, and 23, areimplemented in silicon as two-dimensional arrays. In one embodiment ofSOC 10, six trunk groups can be supported, with each trunk group havingup to eight trunk ports thereupon. For communication, however, in orderto prevent out-of-ordering of packets or frames, the same port must beused for packet flow. Identification of which port will be used forcommunication is based upon any of the following: source MAC address,destination MAC address, source IP address, destination IP address, orcombinations of source and destination addresses. If source MAC is used,as an example, if station A on port 3 of SW1 is seeking to send a packetto station B on port 26 of SW2, then the last three bits of the sourceMAC address of station A, which are in the source address field of thepacket, are used to generate a trunk port index. The trunk port index,which is then looked up on the trunk group table by the ingresssubmodule 14 of the particular port on the switch, in order to determinewhich port of the trunk group will be used for the communication. Inother words, when a packet is sought to be sent from station A tostation B, address resolution is conducted as set forth above. If thepacket is to be handled through a trunk group, then a T bit will be setin the ARL entry which is matched by the destination address. If the Tbit or trunk bit is set, then the destination address is learned fromone of the trunk ports. The egress port, therefore, is not learned fromthe port number obtained in the ARL entry, but is instead learned fromthe trunk group ID and rules tag (RTAG) which is picked up from the ARLentry, and which can be used to identify the trunk port based upon thetrunk port index contained in the trunk group table. The RTAG and TGIDwhich are contained in the ARL entry therefore define which part of thepacket is used to generate the trunk port index. For example, if theRTAG value is 1, then the last three bits of the source MAC address areused to identify the trunk port index; using the trunk group table, thetrunk port index can then be used to identify the appropriate trunk portfor communication. If the RTAG value is 2, then it is the last threebits of the destination MAC address which are used to generate the trunkport index. If the RTAG is 3, then the last three bits of the source MACaddress are XORED with the last three bits of the destination MACaddress. The result of this operation is used to generate the trunk portindex. For IP packets, additional RTAG values are used so that thesource IP and destination IP addresses are used for the trunk portindex, rather than the MAC addresses.

SOC 10 is configured such that if a trunk port goes down or fails forany reason, notification is sent through CMIC 40 to CPU 52. CPU 52 isthen configured to automatically review the trunk group table, and VLANtables to make sure that the appropriate port bit maps are changed toreflect the fact that a port has gone down and is therefore removed.Similarly, when the trunk port or link is reestablished, the process hasto be reversed and a message must be sent to CPU 52 so that the VLANtables, trunk group tables, etc. can be updated to reflect the presenceof the trunk port.

Furthermore, it should be noted that since the trunk group is treated asa single logical link, the trunk group is configured to accept controlframes or control packets, also known as BPDUs, only one of the trunkports. The port based VLAN table, therefore, must be configured toreject incoming BPDUs of non-specified trunk ports. This rejection canbe easily set by the setting of a B bit in the VLAN table. IEEE standard802.1d defines an algorithm known as the spanning tree algorithm, foravoiding data loops in switches where trunk groups exist. Referring toFIG. 19, a logical loop could exist between ports 1 and 2 and switchesSW1 and SW2. The spanning algorithm tree defines four separate states,with these states including disabling, blocking, listening, learning,and forwarding. The port based VLAN table is configured to enable CPU 52to program the ports for a specific ARL state, so that the ARL logictakes the appropriate action on the incoming packets. As notedpreviously, the B bit in the VLAN table provides the capability toreject BPDUs. The St bit in the ARL table enables the CPU to learn thestatic entries; as noted in FIG. 18, static entries are not aged by theaging process. The hit bit in the ARL table, as mentioned previously,enables the ARL engine 143 to detect whether or not there was a hit onthis entry. In other words, SOC 10 utilizes a unique configuration ofARL tables, VLAN tables, modules, etc. in order to provide an efficientsilicon based implementation of the spanning tree states.

In certain situations, such as a destination lookup failure (DLF) wherea packet is sent to all ports on a VLAN, or a multicast packet, thetrunk group bit map table is configured to pickup appropriate portinformation so that the packet is not sent back to the members of thesame source trunk group. This prevents unnecessary traffic on the LAN,and maintains the efficiency at the trunk group.

IP/IPX

Referring again to FIG. 14, each EPIC 20, GPIC 30, or IPIC 90 can beconfigured to enable support of both IP and IPX protocol at linespeed.This flexibility is provided without having any negative effect onsystem performance, and utilizes a table, implemented in silicon, whichcan be selected for IP protocol, IPX protocol, or a combination of IPprotocol and IPX protocol. This capability is provided within logiccircuitry 1411, and utilizes an IP longest prefix cache lookup (IP_LPC),and an IPX longest prefix cache lookup (IPX_LPC). During the layer 3lookup, a number of concurrent searches are performed; an L3 fastlookup, and the IP longest prefix cache lookup, are concurrentlyperformed if the packet is identified by the packet header as an IPpacket. If the packet header identifies the packet as an IPX packet, theL3 fast lookup and the IPX longest prefix cache lookup will beconcurrently performed. It should be noted that ARL/L3 tables 21/31 ofEPICs 20 and GPICs 30 include an IP default router table which isutilized for an IP longest prefix cache lookup when the packet isidentified as an IP packet, and also includes an IPX default routertable which is utilized when the packet header identifies the packet asan IPX packet. Appropriate hexadecimal codes are used to determine thepacket types. If the packet is identified as neither an IP packet nor anIPX packet, the packet is directed to CPU 52 via CPS channel 80 and CMIC40. It should be noted that if the packet is identified as an IPXpacket, it could be any one of four types of IPX packets. The fourtypes, as noted previously, are Ethernet 802.3, Ethernet 802.2, EthernetSNAP, and Ethernet II.

The concurrent lookup of L3 and either IP or IPX are important to theperformance of SOC 10. In one embodiment of SOC 10, the L3 table wouldinclude a portion which has IP address information, and another portionwhich has IPX information, as the default router tables. These defaultrouter tables, as noted previously, are searched depending upon whetherthe packet is an IP packet or an IPX packet. In order to more clearlyillustrate the tables, the L3 table format for an L3 table within ARL/L3tables 21 is as follows:

-   -   IP or IPX Address—32 bits long—IP or IPX Address—is a 32 bit IP        or IPX Address. The Destination IP or IPX Address in a packet is        used as a key in searching this table.    -   Mac Address—48 bits long—Mac Address is really the next Hop Mac        Address. This Mac address is used as the Destination Mac Address        in the forwarded IP Packet.    -   Port Number—6 bits long—Port Number—is the port number the        packet has to go out if the Destination IP Address matches this        entry's IP Address.    -   L3 Interface Num—5 bits long—L3 Interface Num—This L3 Interface        Number is used to get the Router Mac Address from the L3        Interface Table.    -   L3 Hit Bit—1 bit long—L3 Hit bit—is used to check if there is        hit on this Entry. The hit bit is set when the Source IP Address        search matches this entry. The L3 Aging Process ages the entry        if this bit is not set.    -   Frame Type—2 bits long—Frame Type indicates type of IPX Frame        (802.2, Ethernet II, SNAP and 802.3) accepted by this IPX Node.        Value 00—Ethernet II Frame. Value 01—SNAP Frame. Value 02—802.2        Frame. Value 03—802.3 Frame.    -   Reserved—4 bits long—Reserved for future use.        The fields of the default IP router table are as follows:    -   IP Subnet Address—32 bits long—IP Subnet Address—is a 32 bit IP        Address of the Subnet.    -   Mac Address—48 bits long—Mac Address is really the next Hop Mac        Address and in this case is the Mac Address of the default        Router.    -   Port Number—6 bits long—Port Number is the port number on which        the forwarded packet has to go out.    -   Module ID—5 bits long—identifies the module in a stack that the        packet must go out on after a longest prefix match.    -   L3 Interface Num—5 bits long—L3 Interface Num is L3 Interface        Number.    -   IP Subnet Bits—5 bits long—IP Subnet Bits is total number of        Subnet Bits in the Subnet Mask. These bits are ANDED with        Destination IP Address before comparing with Subnet Address.    -   C Bit—1 bit long—C Bit—If this bit is set then send the packet        to CPU also.        The fields of the default IPX router table within ARL/L3 tables        21 are as follows:    -   IPX Subnet Address—32 bits long—IPX Subnet Address is a 32 bit        IPX Address of the Subnet.    -   Mac Address—48 bits long—Mac Address is really the next Hop Mac        Address and in this case is the Mac Address of the default        Router.    -   Port Number—6 bits long—Port Number is the port number on which        the forwarded packet has to go out.    -   Module ID—5 bits long—identifies the module in a stack that the        packet must go out on after a longest prefix match.    -   L3 Interface Num—5 bits long—L3 Interface Num is L3 Interface        Number.    -   IPX Subnet Bits—5 bits long—IPX Subnet Bits is total number of        Subnet Bits in the Subnet Mask. These bits are ANDED with        Destination IPX Address before comparing with Subnet Address.    -   C Bit—1 bit long—C Bit—If this bit is set then send the packet        to CPU also.

If a match is not found in the L3 table for the destination IP address,longest prefix match in the default IP router fails, then the packet isgiven to the CPU. Similarly, if a match is not found on the L3 table fora destination IPX address, and the longest prefix match in the defaultIPX router fails, then the packet is given to the CPU. The lookups aredone in parallel, but if the destination IP or IPX address is found inthe L3 table, then the results of the default router table lookup areabandoned.

The longest prefix cache lookup, whether it be for IP or IPX, includesrepetitive matching attempts of bits of the IP subnet address. Thelongest prefix match consists of ANDing the destination IP address withthe number of IP or IPX subnet bits and comparing the result with the IPsubnet address. Once a longest prefix match is found, as long as the TTLis not equal to one, then appropriate IP checksums are recalculated, thedestination MAC address is replaced with the next hop MAC address, andthe source MAC address is replaced with the router MAC address of theinterface. The VLAN ID is obtained from the L3 interface table, and thepacket is then sent as either tagged or untagged, as appropriate. If theC bit is set, a copy of the packet is sent to the CPU as may benecessary for learning or other CPU-related functions.

It should be noted, therefore, that if a packet arrives destined to aMAC address associated with a level 3 interface for a selected VLAN, theingress looks for a match at an IP/IPX destination subnet level. Ifthere is no IP/IPX destination subnet match, the packet is forwarded toCPU 52 for appropriate routing. However, if an IP/IPX match is made,then the MAC address of the next hop and the egress port number isidentified and the packet is appropriately forwarded.

In other words, the ingress of the EPIC 20 or GPIC 30 is configured withrespect to ARL/L3 tables 21 so that when a packet enters ingresssubmodule 14, the ingress can identify whether or not the packet is anIP packet or an IPX packet. IP packets are directed to an IP/ARL lookup,and IPX configured packets are directed to an IPX/ARL lookup. If an L3match is found during the L3 lookup, then the longest prefix matchlookups are abandoned.

IP Multicast

SOC 10 is configured to support IP multicast applications, such asmultimedia conferencing, realtime video, realtime audio, etc. Theseapplications are heavily dependent upon point-to-multipoint delivery ofservice. Some IP protocols which had been deployed to support IPmulticast include DVMRP (distance vector multicast routing protocol),Protocol-independent Multicast-Dense Mode, Protocol IndependentMulticast-Sparse Mode, Multicast Extensions to SOSPF, etc. In order toimplement such configurations, each EPIC, GPIC, and possibly othermodules on SOC 10 are provided with an IP multicast table. The ingresslogic 14 and egress logic 16 are configured to handle IP multicastpackets.

Each multicast table may be, for example, 256 entries deep, and 128 bitswide. The table is sorted, and the search key is the source IP addressplus multicast IP address. FIG. 24 illustrates the format for an IPmulticast table. The fields for such a table can be as follows:

-   -   Source IP Address—32 bits long—Source IP Address is a 32 bit IP        Address of the Source Station.    -   Multicast IP Address—32 bits long—Multicast IP Address—is a 32        bit IP Multicast Address. Note: IP Multicast Address is a Class        D Address; the first three MSBs are all 1's.    -   L3 Port Bitmap—31 bits long—L3 Port Bitmap identifies all the        ports on which the packet should go out.    -   L3 Module Bitmap—32 bits long—L3 Module Bitmap identifies all        the Modules on which the packet should go out.    -   Source Port—6 bits long—Source Port is the port, which is        nearest to the Source Station. In other words, the Source        Station, identified by the Source IP address, sends multicast        traffic through this port.    -   TTL Threshold—5 bits long—If the incoming Multicast Packet has        TTL below the TTL Threshold then the packet is dropped.

FIG. 25 illustrates a flowchart for how ingress 14 of an SOC 20 wouldhandle an IP multicast packet coming in to a port thereupon. In step25-1, the packet is examined to determine whether or not it is an IPmulticast packet without any option fields. If there are option fields,the packet is sent to CPU 52 for further handling. In step 25-2, the IPchecksum is validated. In step 25-3, the destination IP address isexamined to see if it is a class D address. A class D address is onewhere the first three most significant bits are all set to 1. If thedestination IP address is not a class D address, then the packet isdropped. If so, the IP multicast table is searched at step 25-4 with thekey as the source IP address+the destination IP address. If the entry isnot found, then the packet is sent to CPU 52. If a match is found atstep 25-5, the TTL (time-to-live) is checked against the TTL thresholdvalue in the IP multicast entry at step 25-6. If the TTL value is lessthan the threshold value, the packet is dropped. If the TTL value is notbelow the threshold, then the source port is compared to the source portin the entry at step 25-7. If there is not a match, then the packet isdropped. If there is a match, the packet is appropriately sent over Cchannel 81 of CPS channel 80 at step 25-8, with appropriate P channelmessages locked therewith. The packet is sent with the L2 port bitmapand L2 untagged bitmap obtained as a result of the L2 search, and the L3port bitmap as a result of the IP multicast search. Additionally, the IPmulticast bit is set in the P channel message, indicating that thepacket is an IP multicast packet and that the egress, upon receipt ofthe packet, must modify the IP header appropriately. From CPS channel80, therefore, the packet is sent to the appropriate buffer pool untilit is obtained by the appropriate egress port.

When the appropriate egress port obtains the packet from memory, if theegress port is part of the L3 port bitmap, then the packet must bemodified. The TTL value must be decremented, and the IP header checksumis recalculated. The source MAC address in the packet must be changed tobe the L3 interface MAC address. If the L3 interface associated with theport is tagged, then the VLAN tag header must be replaced with the VLANId configured for the interface.

It should be noted that if there are multiple L3 interfaces associatedwith a port, then multiple packets need to be sent to that port. The CPUbit in the IP multicast entry can be set in this situation, so that thepacket is given to the CPU along with the port bitmap upon which thepacket has already been sent. The CPU can then send multiple copies ofthe packet on the port with the multiple L3 interfaces. Thisconfiguration, therefore, minimizes complexity and maximizes speed onSOC 10, but provides the added flexibility of CPU involvement whennecessary.

Another important field of the filter mask format is the counter indexor the counter field. This five bit field is incremented every timethere is a match with the particular filter mask. The counter data isused for a number of different purposes, including finding packet countsfor particular types of packets, packet statistics, etc. If a networkadministrator is seeking, for example, to monitor a particular rate of aparticular packet type or a packet frequency, or packets from aparticular IP address, the counter can be configured to be soincremented. Thresholds can be set by the network administrator suchthat predetermined action can be taken after a selected threshold isexceeded. Such action may include changing the priority of the packets,dropping further packets, and other action.

Notable aspects of the rules table format for SOC 10 are fields ofaction bits which enable priority or precedence to be changed fromTOS-to-COS, and vice versa. Referring to the rules table illustrated inFIG. 23, and the filter mask format, bits 8 and 9 of the action bitsfield enable this conversion. If bit 8 is set, then the 802.1p priorityfield is picked up from the TOS precedence field in the IP header. Ifbit 9 is set, then the value of the TOS precedence field is picked upfrom the 802.1p priority field. This provides the significant advantageof providing valuable information which can be read by both routers andswitches. Switches operating at layer 2 will look at the 802.1p priorityfield (inventors—please confirm), while routers, operating at layer 3,will look at the TOS precedence field. When a packet enters the switchdomain from the router domain in a LAN, the precedence can beappropriately moved by SOC 10 from the 802.1p priority field to the TOSprecedence field, and vice versa.

HOL Blocking

SOC 10 incorporates some unique data flow characteristics, in ordermaximize efficiency and switching speed. In network communications, aconcept known as head-of-line or HOL blocking occurs when a port isattempting to send a packet to a congested port, and immediately behindthat packet is another packet which is intended to be sent to anun-congested port. The congestion at the destination port of the firstpacket would result in delay of the transfer of the second packet to theun-congested port. Each EPIC 20, GPIC 30, and IPIC 90 within SOC 10includes a unique HOL blocking mechanism in order to maximize throughputand minimize the negative effects that a single congested port wouldhave on traffic going to un-congested ports. For example, if a port on aGPIC 30, with a data rate of, for example, 1000 megabits per second isattempting to send data to another port 24 a on EPIC 20 a, port 24 awould immediately be congested. Each port on each IPIC 90, GPIC 30, andEPIC 20 is programmed by CPU 52 to have a high watermark and a lowwatermark per port per class of service (COS), with respect to bufferspace within CBP 50.

The fact that the head of line blocking mechanism enables per port perCOS head of line blocking prevention enables a more efficient data flowthan that which is known in the art. When the output queue for aparticular port hits the preprogrammed high watermark within theallocated buffer in CBP 50, MMU 70 sends, on S channel 83, a COS queuestatus notification to the appropriate ingress module of the appropriateGPIC 30 or EPIC 20. When the message is received, the active portregister corresponding to the COS indicated in the message is updated.If the port bit for that particular port is set to zero, then theingress is configured to drop all packets going to that port. Althoughthe dropped packets will have a negative effect on communication to thecongested port, the dropping of the packets destined for congested portsenables packets going to un-congested ports to be expeditiouslyforwarded thereto. When the output queue goes below the preprogrammedlow watermark, MMU 70 sends a COS queue status notification message onthe sideband channel with the bit set for the port. When the ingressgets this message, the bit corresponding to the port in the active portregister for the module is set so that the packet can be sent to theappropriate output queue. By waiting until the output queue goes belowthe low watermark before re-activating the port, a hysteresis is builtinto the system to prevent constant activation and deactivation of theport based upon the forwarding of only one packet, or a small number ofpackets. It should be noted that every module has an active portregister. As an example, each COS per port may have four registers forstoring the high watermark and the low watermark; these registers canstore data in terms of number of cells on the output queue, or in termsof number of packets on the output queue. In the case of a unicastmessage, the packet is merely dropped; in the case of multicast orbroadcast messages, the message is dropped with respect to congestedports, but forwarded to uncongested ports. MMU 70 includes all logicrequired to implement this mechanism to prevent HOL blocking, withrespect to budgeting of cells and packets. MMU 70 includes an HOLblocking marker register to implement the mechanism based upon cells. Ifthe local cell count plus the global cell count for a particular egressport exceeds the HOL blocking marker register value, then MMU 70 sendsthe HOL status notification message. MMU 70 can also implement an earlyHOL notification, through the use of a bit in the MMU configurationregister which is referred to as a Use Advanced Warning Bit. If this bitis set, the MMU 70 sends the HOL notification message if the local cellcount plus the global cell count plus one hundred twenty-one (121) isgreater than the value in the HOL blocking marker register. 121 is thenumber of cells in a jumbo frame.

With respect to the hysteresis discussed above, it should be noted thatMMU 70 implements both a spatial and a temporal hysteresis. When thelocal cell count plus global cell count value goes below the value inthe HOL blocking marker register, then a poaching timer value from anMMU configuration register is used to load into a counter. The counteris decremented every 32 clock cycles. When the counter reaches 0, MMU 70sends the HOL status message with the new port bit map. The bitcorresponding to the egress port is reset to 0, to indicate that thereis no more HOL blocking on the egress port. In order to carry on HOLblocking prevention based upon packets, a skid mark value is defined inthe MMU configuration register. If the number of transaction queueentries plus the skid mark value is greater than the maximum transactionqueue size per COS, then MMU 70 sends the COS queue status message onthe S channel. Once the ingress port receives this message, the ingressport will stop sending packets for this particular port and COScombination. Depending upon the configuration and the packet lengthreceived for the egress port, either the head of line blocking for thecell high watermark or the head of line blocking for the packet highwatermark may be reached first. This configuration, therefore, works toprevent either a small series of very large packets or a large series ofvery small packets from creating HOL blocking problems.

The low watermark discussed previously with respect to CBP admissionlogic is for the purpose of ensuring that, independent of trafficconditions, each port will have appropriate buffer space allocated inthe CBP to prevent port starvation, and ensure that each port will beable to communicate with every other port to the extent that the networkcan support such communication.

Referring again to MMU 70, CBM 71 is configured to maximize availabilityof address pointers associated with incoming packets from a free addresspool. CBM 71, as noted previously, stores the first cell pointer untilincoming packet 112 is received and assembled either in CBP 50, or GBP60. If the purge flag of the corresponding P channel message is set, CBM71 purges the incoming data packet 112, and therefore makes the addresspointers GPID/CPID associated with the incoming packet to be available.When the purge flag is set, therefore, CBM 71 essentially flushes orpurges the packet from processing of SOC 10, thereby preventingsubsequent communication with the associated egress manager 76associated with the purged packet. CBM 71 is also configured tocommunicate with egress managers 76 to delete aged and congestedpackets. Aged and congested packets are directed to CBM 71 based uponthe associated starting address pointer, and the reclaim unit within CBM71 frees the pointers associated with the packets to be deleted; thisis, essentially, accomplished by modifying the free address pool toreflect this change. The memory budget value is updated by decrementingthe current value of the associated memory by the number of data cellswhich are purged.

To summarize, resolved packets are placed on C channel 81 by ingresssubmodule 14 as discussed with respect to FIG. 8. CBM 71 interfaces withthe CPS channel, and every time there is a cell/packet addressed to anegress port, CBM 71 assigns cell pointers, and manages the linked list.A plurality of concurrent reassembly engines are provided, with onereassembly engine for each egress manager 76, and tracks the framestatus. Once a plurality of cells representing a packet is fully writteninto CBP 50, CBM 71 sends out CPIDs to the respective egress managers,as discussed above. The CPIDs point to the first cell of the packet inthe CBP; packet flow is then controlled by egress managers 76 totransaction MACs 140 once the CPID/GPID assignment is completed by CBM71. The budget register (not shown) of the respective egress manager 76is appropriately decremented by the number of cells associated with theegress, after the complete packet is written into the CBP 50. EGM 76writes the appropriate PIDs into its transaction FIFO. Since there aremultiple classes of service (COSs), then the egress manager 76 writesthe PIDs into the selected transaction FIFO corresponding to theselected COS. As will be discussed below with respect to FIG. 13, eachegress manager 76 has its own scheduler interfacing to the transactionpool or transaction FIFO on one side, and the packet pool or packet FIFOon the other side. The transaction FIFO includes all PIDs, and thepacket pool or packet FIFO includes only CPIDs. The packet FIFOinterfaces to the transaction FIFO, and initiates transmission basedupon requests from the transmission MAC. Once transmission is started,data is read from CBP 50 one cell at a time, based upon transaction FIFOrequests.

As noted previously, there is one egress manager for each port of everyEPIC 20 and GPIC 30, and is associated with egress sub-module 18. Itshould be noted that IPIC 90 manages egress in a different manner thanEPICs 20 and GPICs 30, since IPIC 90 fetches packets from NBP 92.

FIG. 13 illustrates a block diagram of an egress manager 76communicating with R channel 77. For each data packet 112 received by aningress submodule 14 of an EPIC 20 of SOC 10, CBM 71 assigns a PointerIdentification (PID); if the packet 112 is admitted to CBP 50, the CBM71 assigns a CPID, and if the packet 112 is admitted to GBP 60, the CBM71 assigns a GPID number. At this time, CBM 71 notifies thecorresponding egress manager 76 which will handle the packet 112, andpasses the PID to the corresponding egress manager 76 through R channel77. In the case of a unicast packet, only one egress manager 76 wouldreceive the PID. However, if the incoming packet were a multicast orbroadcast packet, each egress manager 76 to which the packet is directedwill receive the PID. For this reason, a multicast or broadcast packetneeds only to be stored once in the appropriate memory, be it either CBP50 or GBP 60.

Each egress manager 76 includes an R channel interface unit (RCIF) 131,a transaction FIFO 132, a COS manager 133, a scheduler 134, anaccelerated packet flush unit (APF) 135, a memory read unit (MRU) 136, atime stamp check unit (TCU) 137, and an untag unit 138. MRU 136communicates with CBP Memory Controller (CMC) 79, which is connected toCBP 50. Scheduler 134 is connected to a packet FIFO 139. RCIF 131handles all messages between CBM 71 and egress manager 76. When a packet112 is received and stored in SOC 10, CBM 71 passes the packetinformation to RCIF 131 of the associated egress manager 76. The packetinformation will include an indication of whether or not the packet isstored in CBP 50 or GBP 70, the size of the packet, and the PID. RCIF131 then passes the received packet information to transaction FIFO 132.Transaction FIFO 132 is a fixed depth FIFO with eight COS priorityqueues, and is arranged as a matrix with a number of rows and columns.Each column of transaction FIFO 132 represents a class of service (COS),and the total number of rows equals the number of transactions allowedfor any one class of service. COS manager 133 works in conjunction withscheduler 134 in order to provide policy based quality of service (QOS),based upon Ethernet standards. As data packets arrive in one or more ofthe COS priority queues of transaction FIFO 132, scheduler 134 directs aselected packet pointer from one of the priority queues to the packetFIFO 139. The selection of the packet pointer is based upon a queuescheduling algorithm, which is programmed by a user through CPU 52,within COS manager 133.

An example of a COS issue is video, which requires greater bandwidththan text documents. A data packet 112 of video information maytherefore be passed to packet FIFO 139 ahead of a packet associated witha text document. The COS manager 133 would therefore direct scheduler134 to select the packet pointer associated with the packet of videodata.

The COS manager 133 can also be programmed using a strict priority basedscheduling method, or a weighted priority based scheduling method ofselecting the next packet pointer in transaction FIFO 132. Utilizing astrict priority based scheduling method, each of the eight COS priorityqueues are provided with a priority with respect to each other COSqueue. Any packets residing in the highest priority COS queue areextracted from transaction FIFO 132 for transmission. On the other hand,utilizing a weighted priority based scheduling scheme, each COS priorityqueue is provided with a programmable bandwidth. After assigning thequeue priority of each COS queue, each COS priority queue is given aminimum and a maximum bandwidth. The minimum and maximum bandwidthvalues are user programmable. Once the higher priority queues achievetheir minimum bandwidth value, COS manager 133 allocates any remainingbandwidth based upon any occurrence of exceeding the maximum bandwidthfor any one priority queue. This configuration guarantees that a maximumbandwidth will be achieved by the high priority queues, while the lowerpriority queues are provided with a lower bandwidth.

The programmable nature of the COS manager enables the schedulingalgorithm to be modified based upon a user's specific needs. Forexample, COS manager 133 can consider a maximum packet delay value whichmust be met by a transaction FIFO queue. In other words, COS manager 133can require that a packet 112 is not delayed in transmission by themaximum packet delay value; this ensures that the data flow of highspeed data such as audio, video, and other real time data iscontinuously and smoothly transmitted.

If the requested packet is located in CBP 50, the CPID is passed fromtransaction FIFO 132 to packet FIFO 139. If the requested packet islocated in GBP 60, the scheduler initiates a fetch of the packet fromGBP 60 to CBP 50; packet FIFO 139 only utilizes valid CPID information,and does not utilize GPID information. The packet FIFO 139 onlycommunicates with the CBP and not the GBP. When the egress seeks toretrieve a packet, the packet can only be retrieved from the CBP; forthis reason, if the requested packet is located in the GBP 50, thescheduler fetches the packet so that the egress can properly retrievethe packet from the CBP.

APF 135 monitors the status of packet FIFO 139. After packet FIFO 139 isfull for a specified time period, APF 135 flushes out the packet FIFO.The CBM reclaim unit is provided with the packet pointers stored inpacket FIFO 139 by APF 135, and the reclaim unit is instructed by APF135 to release the packet pointers as part of the free address pool. APF135 also disables the ingress port 21 associated with the egress manager76.

While packet FIFO 139 receives the packet pointers from scheduler 134,MRU 136 extracts the packet pointers for dispatch to the proper egressport. After MRU 136 receives the packet pointer, it passes the packetpointer information to CMC 79, which retrieves each data cell from CBP50. MRU 136 passes the first data cell 112 a, incorporating cell headerinformation, to TCU 137 and untag unit 138. TCU 137 determines whetherthe packet has aged by comparing the time stamps stored within data cell112 a and the current time. If the storage time is greater than aprogrammable discard time, then packet 112 is discarded as an agedpacket. Additionally, if there is a pending request to untag the datacell 112 a, untag unit 138 will remove the tag header prior todispatching the packet. Tag headers are defined in IEEE Standard 802.1q.

Egress manager 76, through MRU 136, interfaces with transmission FIFO140, which is a transmission FIFO for an appropriate media accesscontroller (MAC); media access controllers are known in the Ethernetart. MRU 136 prefetches the data packet 112 from the appropriate memory,and sends the packet to transmission FIFO 140, flagging the beginningand the ending of the packet. If necessary, transmission FIFO 140 willpad the packet so that the packet is 64 bytes in length.

As shown in FIG. 9, packet 112 is sliced or segmented into a pluralityof 64 byte data cells for handling within SOC 10. The segmentation ofpackets into cells simplifies handling thereof, and improvesgranularity, as well as making it simpler to adapt SOC 10 to cell-basedprotocols such as ATM. However, before the cells are transmitted out ofSOC 10, they must be reassembled into packet format for propercommunication in accordance with the appropriate communication protocol.A cell reassembly engine (not shown) is incorporated within each egressof SOC 10 to reassemble the sliced cells 112 a and 112 b into anappropriately processed and massaged packet for further communication.

FIG. 16 is a block diagram showing some of the elements of CPU interfaceor CMIC 40. In a preferred embodiment, CMIC 40 provides a 32 bit 66 MHZPCI interface, as well as an 12C interface between SOC 10 and externalCPU 52. PCI communication is controlled by PCI core 41, and 12Ccommunication is performed by 12C core 42, through CMIC bus 167. Asshown in the figure, many CMIC 40 elements communicate with each otherthrough CMIC bus 167. The PCI interface is typically used forconfiguration and programming of SOC 10 elements such as rules tables,filter masks, packet handling, etc., as well as moving data to and fromthe CPU or other PCI uplink. The PCI interface is suitable for high endsystems wherein CPU 52 is a powerful CPU and running a sufficientprotocol stack as required to support layer two and layer threeswitching functions. The 12C interface is suitable for low end systems,where CPU 52 is primarily used for initialization. Low end systems wouldseldom change the configuration of SOC 10 after the switch is up andrunning.

CPU 52 is treated by SOC 10 as any other port. Therefore, CMIC 40 mustprovide necessary port functions much like other port functions definedabove. CMIC 40 supports all S channel commands and messages, therebyenabling CPU 52 to access the entire packet memory and register set;this also enables CPU 52 to issue insert and delete entries into ARL/L3tables, issue initialize CFAP/SFAP commands, read/write memory commandsand ACKs, read/write register command and ACKs, etc. Internal to SOC 10,CMIC 40 interfaces to C channel 81, P channel 82, and S channel 83, andis capable of acting as an S channel master as well as S channel slave.To this end, CPU 52 must read or write 32-bit D words. For ARL tableinsertion and deletion, CMIC 40 supports buffering of four insert/deletemessages which can be polled or interrupt driven. ARL messages can alsobe placed directly into CPU memory through a DMA access using an ARL DMAcontroller 161. DMA controller 161 can interrupt CPU 52 after transferof any ARL message, or when all the requested ARL packets have beenplaced into CPU memory.

Communication between CMIC 40 and C channel 81/P channel 82 is performedthrough the use of CP-channel buffers 162 for buffering C and P channelmessages, and CP bus interface 163. S channel ARL message buffers 164and S channel bus interface 165 enable communication with S channel 83.As noted previously, PIO (Programmed Input/Output) registers are used,as illustrated by SCH PIO registers 166 and PIO registers 168, to accessthe S channel, as well as to program other control, status, address, anddata registers. PIO registers 168 communicate with CMIC bus 167 through12C slave interface 42 a and 12C master-interface 42 b. DMA controller161 enables chaining, in memory, thereby allowing CPU 52 to transfermultiple packets of data without continuous CPU intervention. Each DMAchannel can therefore be programmed to perform a read or write DMAoperation. Specific descriptor formats may be selected as appropriate toexecute a desired DMA function according to application rules. Forreceiving cells from MMU 70 for transfer to memory, if appropriate, CMIC40 acts as an egress port, and follows egress protocol as discussedpreviously. For transferring cells to MMU 70, CMIC 40 acts as an ingressport, and follows ingress protocol as discussed previously. CMIC 40checks for active ports, COS queue availability and other ingressfunctions, as well as supporting the HOL blocking mechanism discussedabove. CMIC 40 supports single and burst PIO operations; however, burstshould be limited to S channel buffers and ARL insert/delete messagebuffers. Referring once again to 12C slave interface 42 a, the CMIC 40is configured to have an 12C slave address so that an external 12Cmaster can access registers of CMIC 40. CMIC 40 can inversely operate asan 12C master, and therefore, access other 12C slaves. It should benoted that CMIC 40 can also support MIIM through MIIM interface 169.MIIM support is defined by IEEE Standard 802.3u, and will not be furtherdiscussed herein. Similarly, other operational aspects of CMIC 40 areoutside of the scope of this invention.

A unique and advantageous aspect of SOC 10 is the ability of doingconcurrent lookups with respect to layer two (ARL), layer three, andfiltering. When an incoming packet comes in to an ingress submodule 14of either an EPIC 20 or a GPIC 30, as discussed previously, the moduleis capable of concurrently performing an address lookup to determine ifthe destination address is within a same VLAN as a source address; ifthe VLAN IDs are the same, layer 2 or ARL lookup should be sufficient toproperly switch the packet in a store and forward configuration. If theVLAN lDs are different, then layer three switching must occur based uponappropriate identification of the destination address, and switching toan appropriate port to get to the VLAN of the destination address. Layerthree switching, therefore, must be performed in order to cross VLANboundaries. Once SOC 10 determines that L3 switching is necessary, SOC10 identifies the MAC address of a destination router, based upon the L3lookup. L3 lookup is determined based upon a reading in the beginningportion of the packet of whether or not the L3 bit is set. If the L3 bitis set, then L3 lookup will be necessary in order to identifyappropriate routing instructions. If the lookup is unsuccessful, arequest is sent to CPU 52 and CPU 52 takes appropriate steps to identifyappropriate routing for the packet. Once the CPU has obtained theappropriate routing information, the information is stored in the L3lookup table, and for the next packet, the lookup will be successful andthe packet will be switched in the store and forward configuration.

Interconnectability

IPIC 90 of SOC 10 provides significant functionality with respect tointerconnectability. In particular, IPIC 90 enables a significant amountof flexibility and performance regarding stacking of a plurality of SOC10 chips. Using the high performance interface discussed previously, twoSOC 10 chips or switch modules can be connected through their respectiveIPIC 90 modules. Such a configuration would enable the SOC switchmodules to also commonly connect their CMIC 40 modules to a common CPU52. In such a configuration where each SOC 10 includes three EPIC 20modules each having eight fast Ethernet ports and two GPIC modules eachhaving one gigabit Ethernet port, the resulting configuration would have48 fast Ethernet ports (24 ports per SOC 10) and four gigabit Ethernetports. FIG. 26 illustrates such a configuration, wherein CPU 52 iscommonly connected to CMIC 40(1) and CMIC 40(2), of SOC 10(1), and SOC10(2), respectively. IPIC 90(1) and IPIC 90(2) are interconnectedthrough high performance interface 261. The fast Ethernet and gigabitports are collectively shown as ports 24(1) and 24(2), respectively.

Other stacking configurations include what is referred to as a ringconfiguration, wherein a plurality of SOC 10 chips are connected to aring through an ICM (interconnect module) interface. Yet a thirdstacking connection is a plurality of SOC 10 chips or switches beingconnected through an ICM to a crossbar switch, in such a way that thecrossbar switch interconnects the plurality of SOC 10 switches. Theseadditional two stacking configurations are illustrated in FIGS. 27A and27B, respectively. FIG. 27A illustrates SOC 10(1) connected to ring Rthrough ICM 271(1), as well as SOC 10(2) being connected to ring Rthrough ICM 271(2). This configuration enables a plurality of SOC 10switches to be stacked. In one embodiment, as many as 32 SOC 10 switchescould be attached to ring R. FIG. 27B illustrates a crossbarconfiguration, wherein SOC 10(1) and 10(2) are connected to crossbar Cthrough ICM 271(1) and 271(2), respectively. This configuration, likethat of FIG. 27A, enables a significant number of SOC switches to bestacked. The crossbar C is a known device which acts as a matrix or gridwhich is capable of interconnecting a plurality of ports throughactivation of an appropriate matrix connection.

As illustrated in FIGS. 1 and 2, IPIC 90 of each SOC 10 interfaces onone side to CPS channel 80, and on the other side to the highperformance interconnect link 261. Packets coming in to IPIC 90 whichare destined for other ports on SOC 10 are handled essentially aspackets coming in to any other port on SOC 10. However, due to theexistence of the module header for stacked communications, IPIC 90includes a shallow memory to store the incoming packet. The moduleheader is stripped on the ingress; the module header, as notedpreviously, is appended to the packet by the source module. IPIC 90 thenperforms address resolution. Address resolution is different for packetscoming into IPIC 90 than for packets coming into EPICs 20 or GPICs 30,and will be discussed below. After address resolution, the destinationor egress ports are determined, and the port bitmap is constructed. Thepacket is then sliced into cells, and the cells are sent to MMU 70 overCPS channel 80. The cell data is sent over C channel 81, and theappropriate messages, including the module header, is sent over Pchannel 82.

For the case where cells come in to other ports on SOC 10 and aredestined for the high performance interface 261, the cells are placed onCPS channel 80 from the appropriate ingress port, where they are thenreceived by IPIC 90. The cells are interleaved back into packets in NBP92, and are not, therefore, handled by MMU 70. The NBP, as notedpreviously, is on-chip memory, which is dedicated for use only by theIPIC 90. The NBP can be separately segregated memory, or reserved memoryspace within CBP 50. The module header information, appended to thepacket by the source, is received by IPIC 90 from the P channel. Themodule header includes the module ID bitmap, COS, mirrored-toport/switch information, trunk group ID, etc. The constructed packet isthen sent onto the high performance interface 261. It should be notedthat interface 261 is typically being sought to be accessed by twodevices. For example, FIG. 26 illustrates a configuration wherein IPIC90(1) and IPIC 90(2) must arbitrate for access to interface 261. In theconfigurations of FIGS. 27A and 27B, the appropriate IPIC 90 mustarbitrate for access to interface 261 with the appropriate ICM 271. Thearbiter is illustrated, for example, in FIG. 28 as arbiter 93.

FIG. 28 is an overview of the functional elements of an IPIC 90. Inaddition to tables 91, NBP 92, and arbiter 93, IPIC 90 includes flowcontrol logic 94 which is connected to ICM 271 in order to enable IPIC90 to keep up with traffic coming from the ICM. Using a pause/resumesignal, the ICM and flow control logic 94 exchange pause and resumesignals to appropriately control the flow. In situations where the ICMmemory is full, the ICM asserts the pause/resume signal as a pause, totell IPIC 90 not to send any more packets to ICM 271. In situationswhere IPIC 90 is receiving packets from ICM 271, if the IPIC can nolonger receive packets, for example, if the CBP 50 and GBP 60 are full,then the IPIC will assert the pause/resume signal as a pause signal tothe ICM. As soon as it is appropriate to resume flow in eitherdirection, the signal is de-asserted to resume traffic flow. It shouldbe noted that if the ICM is full, yet packets continue to arrive at IPIC90 from CPS channel 80, then the HOL blocking prevention mechanismdiscussed previously will be activated.

Referring again to the function of arbiter 93, arbiter 93 controls thebandwidth on high performance interface 261. Using a configurationregister, priority for packet handling can be switched from the IPIC 90to the ICM 271, and vice versa, after predetermined periods. Insituations where there is no ICM and wherein IPIC 90(1) is communicatingwith IPIC 90(2), then a master CPU which controls functions in a stackedconfiguration would control arbiter 93 and flow control logic 94. Themaster CPU would be one CPU 52 of a plurality of CPUs 52 associated witha plurality of SOC switches 10.

It should also be noted that NBP manager 95 controls memory managementfor NBP 92. NBP manager 95, therefore, performs many functions which arespecific to IPIC 90, but which are similar to the function of MMU 70with respect to SOC 10. Some notable differences exist, however, in thatthere is no CBP/GBP admission logic, since NBP 92 is treated as onememory buffer pool.

Packets which are arriving at IPIC 90 from high performance interface261 will always have a module header thereupon. The module header isinserted by the source SOC when the packet is sent, which will bereferred to as the source switch. The fields of the module header are asfollows:

-   -   C Bit—1 bit long—Control Bit—The Control Bit identifies whether        this is a Control frame or a data frame. This bit is set to 1        for Control Frame and is set to 0 for data frame.    -   Opcodes—3 bits long—Opcodes are used to identify the Packet        Type. Value 00—identifies that the packet is a unicast Packet        and the Egress Port is uniquely identified by Module Id Bitmap        (only one bit will be set in this field) and the Egress Port        Number. Value 01—identifies that the Packet is a Broadcast or        Destination Lookup Failure (DLF) and is destined to Multiple        Ports on the same Module or multiple ports on different Modules.        The Egress port is not a valid field in this scenario. Value        02—identifies that the Packet is a Multicast Packet and is        addressed to multiple ports. Value 03—identifies that the Packet        is a IP Multicast Packet and is addressed to Multiple Ports.    -   TGID—3 bits long—TGID Bits—TGID identifies the Trunk Group        Identifier of the Source Port. This field is valid only if T bit        is set.    -   T—1 bit long—T Bit—If this bit is set then TGID is a valid        field.    -   MT Module Id Bitmap—5 bits long—MT Module Id is “Mirrored-To”        Module Id. This field is used to send the packet to a        “mirrored-to” port, which is located on a remote Module. This        field is valid only if M bit is set.    -   M Bit—1 bit long—M Bit—If this bit is set then MT Module Id is a        valid field.    -   Data Len—14 bits long—Data Len—Identifies the data length of the        packet.    -   CoS—3 bits long—CoS Bits—Identifies the CoS Priority for this        Frame.    -   CRM—1 bit lon—Cos Re-Map Bit—This bit is used to re-map the CoS        based on the Source Module Id+Source Port Number. This feature        is useful for the Modules that does not have CoS Mapping        Capability.    -   Module Id Bitmap—32 bits long—Module Id Bitmap—bitmap of all the        modules, which are supposed to receive the Packet.    -   Egress Port—6 bits long—Egress Port—is the Port Number on the        remote Module, which is suppose to receive this packet.    -   New IP checksum—16 bits long—New IP Checksum—This is mainly used        for the IP Multicast Switched Traffic.    -   PFM—2 bits long—Port Filtering Mode Bits—These are the port        Filtering Mode for the Source Port.    -   Source Port—6 bits long—Source Port is the Source Port Number of        the Packet.    -   CRC Bits—2 bits long—CRC bits—These are the same CRC bits from P        channel message that are copied in here. Value 0x01—is append        CRC bit. If it is set then the egress port should append the CRC        to the packet. Value 0x02—is Regenerate CRC bit. If this bit is        set then the egress port should regenerate CRC. Value 0x00—no        change in CRC. Value 0x03—unused.    -   Source Mod Id—5 bits long—Source Mod Id—is the Source Module Id        of the Packet.    -   Data—N bit long—Data Bytes—The data bytes may contain the CRC.        One has to examine the CRC bits to find out if data contains        CRC. If CRC bits is set to append CRC then data does not contain        CRC bytes. If CRC bits is set to regenerate CRC then data        contains CRC bytes but it's not a valid CRC. If CRC value is 00        then data contains CRC and is a valid CRC.    -   CRC Of (Module Header+Data)—4 bits long—CRC value including the        data and the Module Header.

In order for IPIC 90 to properly perform address resolution, numeroustables must be included within tables 91. These tables include an 802.1qVLAN table, a multicast table, an IP multicast table, a trunk groupbitmap table, a priority to COS queue mapping table, and a port to COSmapping table. The ARL logic for IPIC 90 differs from thepreviously-discussed EPIC/GPIC address resolution logic for numerousreasons. First of all, the packet starts after the 16 bytes of moduleheader; the module header contains information regarding whether thepacket is a control frame or a data frame. Control frames are alwayssent to the CPU after the module header is stripped. The module headercontains the trunk group identifier information, the mirrored-to portinformation, egress port information, etc. Any time the C bit is set inthe module header, the packet is sent to the CPU. The T bit and the TGIDbits are provided in the module header in order to support trunkingacross the modules. Mirroring is controlled by the MT module ID bitmapand the M bit. The CRM, or COS-Re-map bit, enables re-mapping of the COSbased upon the source module ID and the source port number. Thisremapping can become necessary in situations where switches are suppliedfrom different vendors.

Referring to FIG. 29, address resolution for a packet coming in to IPIC90 from high performance interface 271 is as follows:

The packet coming in to IPIC 90 from interface 261 is stored in shallowbuffer 96, where the IPIC ARL logic 97 determines whether GBP 60 is fullat step 29-1. If so, the packet is dropped at step 29-2. If not, logic97 determines at step 29-3 if the M bit is set in the module header, andalso checks to see if the module ID for the “mirrored-to” module isequal to the present module ID. If so, the mirrored-to port is obtainedfrom the port mirroring register for SOC 10, and a bit is set in theport bitmap which corresponds to the mirrored-to port, and the packet issent to the mirrored-to port at step 29-4. If the answer is NO regardingthe M bit, and after the sending of the packet to the mirrored-to port,ARL logic 97 then checks to see if the C bit is set at step 29-5. If so,the packet is sent to the CPU at step 29-6. The CPU bit in the portbitmap is set so as to ensure the packet is sent to the CPU. If the Cbit is not set, or after the packet has been appropriately sent to theCPU, ARL logic 97 then determines whether or not the packet is a unicastpacket at step 29-7. If so, the packet is appropriately placed on CPSchannel 80 with the bit corresponding to the egress port appropriatelyset in the port bitmap. If the T bit is set, then the final bitmap isset based upon the trunk group bitmap and the TGID. If the CRM bit isset, then the port-to-COS mapping table is searched to get theappropriate COS queue. Otherwise, the COS is picked up from the moduleheader. This sending step occurs at step 29-8. If it is determined thatthe packet is not a unicast packet, then at step 29-9, IPIC ARL logic 97determines whether the packet is a multicast packet. This determinationis made, as mentioned previously, by examining the destination addressto see if it is a class D address. Class D classification is one whereinthe first three MSBs of the multicast IP address are set to one. If itis determined that it is in fact an IP multicast packet, then twoseparate and concurrent processes are performed. At step 29-10, a searchis performed of the IP multicast table, with the source IP address andthe destination IP address as the search key. If there is a match or ahit, then the TTL in the IP header is compared to the TTL threshold atstep 29-11. If the TTL is below the threshold, the packet is sent to theCPU. If the TTL is not below the TTL threshold, then the L3 port bitmapis obtained, and it is determined whether or not the L3 port bitmap is amember of the active port register corresponding to the COS for thepacket. The new IP checksum from the module header is sent on theP-channel, and the packet is sent on the C-channel. This process isillustrated as L3 switching step 29-13. If the search of step 29-10 doesnot result in a hit, then the packet is sent to the CPU at step 29-12,and bit 8 of the CPU opcodes are set.

The second process which is performed upon determination of whether ornot the packet is a multicast packet involves layer 2 switching. SOC 10,therefore, enables hybrid multicast treatment. That is, therefore, thesame packet can be switched at layer 2 and layer 3. At step 29-14, afterstep 29-9 determines that the packet is a multicast packet, therefore,ARL logic 97 examines the PFM (port filtering mode) bits of the moduleheader. If the PFM is set to zero, then the packet is forwarded to allports. The port bitmap is obtained from the port VLAN table, appropriateexclusion of the IPIC port is made, the trunk port is appropriatelyidentified, the COS is picked up, and the packet is appropriatelyforwarded at step 29-15. If the PFM is not set to zero, then themulticast table is searched at step 29-16 using the destination key,which is formed of the destination address and the VLAN ID. If there isno hit, then logic 97 once again examines the PFM at step 29-17 for theingress port. If the PFM is set to 2, the packet is dropped. If the PFMis not set to 2, the port bitmap is obtained from the VLAN table at step29-19, and the packet is forwarded at step 29-20. If the destinationsearch of step 29-16 is a hit, the port bitmap is obtained from themulticast table at step 29-18, and the packet is forwarded at step29-20. In step 29-20, appropriate port registers are set based upon Tbit, COS, mirroring, etc., and the packet is forwarded to theappropriate destinations. This configuration, as mentioned previously,enables unique hybrid multicast handling, such that a multicast packetcan be appropriately switched at layer 2 and/or layer 3.

Referring once again to FIG. 28, access to NBP 92 is controlled by NBPmanager 95. Once again, packets coming in to IPIC 90 on high performanceinterface 261 are first stored in shallow buffer 96, which can be, forexample, 3 cells deep. The module header, which is 16 bytes long, and apredetermined number of packeted cells (such as 14 bytes), come in, andthe address resolution discussed above is performed by ARL logic 97. TheVLAN table, multicast table, and IP multicast tables which form tables91 are used for the various lookups. No ARL tables are provided becausethe module header provides information regarding unicast, multicast,etc., through the remote port number. The remote port number is themodule ID plus the destination port number. Since the destination portnumber is available, an ARL table as utilized in EPICs 20 and GPICs 30is unnecessary. The PFM bits of the module header are defined accordingto the 802.1p standard, and enable address resolution for multicast asdiscussed above. Therefore, packets coming in on interface 261 areplaced in the shallow buffer for address resolution. After addressresolution, the packet is placed on CPS channel 80, where it is sent toMMU 70 for appropriate memory arbitration and storage prior to beingpicked up by the appropriate egress. Packets coming in destined for IPIC90 from EPICs 20 and GPICs 30 are sent directly on CPS channel 80 intoNBP 92. Through the use of NBP manager 95, IPIC 90 sends appropriate Schannel messages regarding the operation of NBP 92, and IPIC 90 ingeneral. Such S channel messages may include NBP full, GBP full, HOLnotification, COS notification, etc. NBP manager 95, therefore, managesthe FAP (free address pointer pool) for the NBP, handles cell transferfor the NBP, assigns cell pointers to the incoming cells, assemblescells into packets, writing of packet pointers into packet fifo 98, andmonitors the activities of scheduler 99. Scheduler 99 works inconjunction with NBP 92, packet fifo 98, and arbiter 93 in order toschedule the next packet for transmission on high performance interface261. Scheduler 99 evaluates COS queues in packet fifo 98, and if packetsexist in the packet fifo, then the packet is picked up for transmissionon high performance interface 261. Transmission is controlled by thestatus of the grant signal with respect to the ICM, as controlled byarbiter 93. As shown in FIG. 28, scheduler 93 must appropriately handleeight COS queues in packet fifo 98. Appropriate COS managementdetermines which will be the next packet picked up from the priorityqueues. COS management is performed by a COS manager (not shown) whichis a part of scheduler 99. Scheduler 99, therefore, can be programmed toenable different types of queue scheduling algorithms, as necessary. Twoexamples of scheduling algorithms which can be used are 1) strictpriority based scheduling, and 2) weighted priority based scheduling.Both of these algorithms and associated registers can be programmed asappropriate.

When scheduler 99 picks up a packet for transmission, the packet pointeris obtained from packet fifo 98, and the first cell of the packet ispointed to by the packet pointer. The cell header contains all of therequired information, and the module header is a valid field therein.The data to be transmitted is available from the 16th byte, and themodule header field is not considered a valid field. Appropriate linkingof the cells is ensured to make sure that complete packets arereassembled and sent on high performance interface 261.

The above-discussed configuration of the invention is, in a preferredembodiment, embodied on a semiconductor substrate, such as silicon, withappropriate semiconductor manufacturing techniques and based upon acircuit layout which would, based upon the embodiments discussed above,be apparent to those skilled in the art. A person of skill in the artwith respect to semiconductor design and manufacturing would be able toimplement the various modules, interfaces, and tables, buffers, etc. ofthe present invention onto a single semiconductor substrate, based uponthe architectural description discussed above. It would also be withinthe scope of the invention to implement the disclosed elements of theinvention in discrete electronic components, thereby taking advantage ofthe functional aspects of the invention without maximizing theadvantages through the use of a single semiconductor substrate.

Although the invention has been described based upon these preferredembodiments, it would be apparent to those of skilled in the art thatcertain modifications, variations, and alternative constructions wouldbe apparent, while remaining within the spirit and scope of theinvention. In order to determine the metes and bounds of the invention,therefore, reference should be made to the appended claims.

1. A method of switching packets in a network switch, said methodcomprising: receiving, by the network switch, at least a first packetand a second packet, the first packet including a first packet addressand the second packet including a second packet address, on a sourceport of the network switch; performing concurrent lookups of the firstpacket address and the second packet address, wherein: the lookup of thefirst packet address is performed on an odd layer 2 and layer 3 lookuptable, the odd layer 2 and layer 3 lookup table including odd addressedentries of source or destination addresses; and the lookup of the secondpacket address is performed on an even layer 2 and layer 3 lookup table,the even layer 2 and layer 3 lookup table including even addressedentries of source or destination addresses; and the concurrent lookupsdetermine at least one egress port through which each of the first andsecond packets are to be sent; and sending the first and second packetsthrough the determined at least one egress port, the at least one egressport being based on the concurrent lookups.
 2. A method as recited inclaim 1, further comprising: determining if the first packet and secondpacket are to be sent to a mirrored port; and if mirroring isdetermined, sending the first packet and second packet to the mirroredport.
 3. A method as recited in claim 1, wherein the concurrent lookupsinclude each of: searching an IP multicast table to determine if adestination address is contained in the IP multicast table; forwardingthe packets to a remote CPU if the destination address is not containedin the IP multicast table; comparing a time-to-live (TTL) value to apredetermined TTL threshold if the destination address is known; sendingthe packets to the remote CPU if the time-to-live value is below thepredetermined TTL threshold; obtaining a layer 3 port bitmap from the IPmulticast table if the time-to-live value is not below the predeterminedTTL threshold; switching the packets to destination ports if thedestination ports on the layer 3 port bitmap are considered active portsfor the network switch; concurrently with the searching of the IPmulticast table, examining port filtering bits of the module header todetermine whether a first predetermined port filtering value is present;forwarding the packets to a selected group of ports on the switch if thefirst predetermined port filtering value is present; searching amulticast table using a destination key if the first predeterminedfiltering value is not present; obtaining a port bitmap from themulticast table if searching the multicast table results in a match,then forwarding the data packets to ports obtained from the port bitmap;if there is not a match, examining the port filtering bits to see if asecond predetermined port filtering value is present; if the secondpredetermined port filtering value is present, dropping the packets; andif the second predetermined port filtering value is not present,obtaining a destination port bitmap from a VLAN table, and forwardingthe data packets to ports identified in the destination port bitmap. 4.A method as recited in claim 3, wherein said destination key is formedby combining a destination address and a destination VLAN identificationvalue from a field in the packets.
 5. A network switch for switchingpackets, comprising: a source port configured to receive at least afirst packet and a second packet, the first packet including a firstpacket address and the second packet including a second address; a firstsearch engine configured to perform, concurrently with an even lookup bya second search engine, an odd lookup of the first packet address on anodd layer 2 and layer 3 lookup table, the odd layer 2 and layer 3 lookuptable including odd addressed entries of source or destinationaddresses; and the second search engine configured to perform,concurrently with the odd lookup by the first search engine, the evenlookup of the second packet address on an even layer 2 and layer 3lookup table, the even layer 2 and layer 3 table including evenaddressed entries of source or destination addresses; and a handlerconfigured to send the first and second packets through at least oneegress port, the egress port being based on the concurrent lookups.
 6. Anetwork switch as recited in claim 5, further comprising: a determinerconfigured to determine whether the first and second packets are to besent to a mirrored port; and a sender configured to send the first andsecond packets to the mirrored port when mirroring is determined.
 7. Anetwork switch as recited in claim 5, wherein the search engines includeeach of: a first searcher configured to search an IP multicast table todetermine if a destination address is contained in either the odd layer2 and layer 3 lookup table or the even layer 2 and layer 3 lookup table;a first forwarder configured to forward the first and second packets toa remote CPU if the destination address is not contained in the IPmulticast table; a comparator configured to compare a time-to-live (TTL)value to a predetermined TTL threshold if the destination address isknown; a sender configured to send the packets to the CPU if thetime-to-live value is below the predetermined TTL threshold; a firstobtainer configured to obtain a layer 3 port bitmap from the IPmulticast table if the time-to-live value is not below the predeterminedTTL threshold; a switch configured to switch the packets to thedestination ports if ports on the layer 3 port bitmap are consideredactive ports for the network switch; a first examiner configured toexamine port filtering bits of the module header to determine whether afirst predetermined port filtering value is present, wherein the firstexaminer is configured to operate simultaneously with the firstsearcher; a second forwarder configured to forward the first and secondpackets to a selected group of ports on the switch if the firstpredetermined port filtering value is present; a second searcherconfigured to search a multicast table using a destination key if thefirst predetermined filtering value is not present; a second obtainerconfigured to search a port bitmap from the multicast table if searchingthe multicast table results in a match; a third forwarder configured toforward the data packet to ports obtained from the port bitmap, when thesecond obtainer obtains the port bitmap from the multicast table; asecond examiner configured to examine the port filtering bits to see ifa second predetermined port filtering value is present if there is not amatch through the searching of the multicast table; a dropper configuredto drop the packet when the second predetermined port filtering value ispresent; a third obtainer configured to obtain from a VLAN table adestination port bitmap when the second predetermined port filteringvalue is not present; and a fourth forwarder configured to forward thedata packets to ports identified in the destination port bitmap.
 8. Anetwork switch as recited in claim 7, wherein said second searcher isconfigured to use the destination key formed by combining a destinationaddress and a destination VLAN identification value from a field in atleast one of the first and second packets.
 9. A method as recited inclaim 1, wherein the concurrent lookups are performed by a single L2/L3search engine.
 10. A network switch as recited in claim 5, wherein thesearch engines each include a single L2/L3 search engine configured toperform the simultaneous lookups.
 11. The method of claim 1, wherein:the lookup of the first packet address continues until either the firstpacket address is found in the odd layer 2 and layer 3 lookup table orthe first packet address is determined to not be included in the oddlayer 2 and layer 3 lookup table, and if the first packet address isdetermined not to be included in the odd layer 2 and layer 3 lookuptable, the lookup of the first packet address includes either findingthe first packet address in the even layer 2 and layer 3 lookup table ordetermining that the lookup of the first packet address is a miss; andthe lookup of the second packet address continues until either thesecond packet address is found in the even layer 2 and layer 3 lookuptable or the second packet address is determined to not be included inthe even layer 2 and layer 3 lookup table, and if the second packetaddress is determined not to be included in the even layer 2 and layer 3lookup table, the lookup of the second packet address includes eitherfinding the second packet address in the odd layer 2 and layer 3 lookuptable or determining that the lookup of the second packet address is amiss.
 12. The method of claim 1, wherein: the first packet includes afirst packet source address and a first packet destination address, andthe second packet includes a second packet source address and a secondpacket destination address; and the concurrent searches include a firstalternating search performed concurrently with a second alternatingsearch, wherein: the first alternating search alternates betweensearching for the first packet source address and the first packetdestination address in the odd layer 2 and layer 3 lookup table; and thesecond alternating search alternates between searching for the secondpacket source address and the second packet destination address in theeven layer 2 and layer 3 lookup table.
 13. A network switch as recitedin claim 5, wherein: the first search engine is configured to continuethe odd lookup of the first packet address until either the first packetaddress is found in the odd layer 2 and layer 3 lookup table or thefirst packet address is determined to not be included in the odd layer 2and layer 3 lookup table, and if the first packet address is determinednot to be included in the odd layer 2 and layer 3 lookup table, the oddlookup of the first packet address includes either finding the firstpacket address in the even layer 2 and layer 3 lookup table ordetermining that the odd lookup of the first packet address is a miss;and the second search engine is configured to continue the even lookupof the second packet address until either the second packet address isfound in the even layer 2 and layer 3 lookup table or the second packetaddress is determined to not be included in the even layer 2 and layer 3lookup table, and if the second packet address is determined not to beincluded in the even layer 2 and layer 3 lookup table, the even lookupof the second packet address includes either finding the second packetaddress in the odd layer 2 and layer 3 lookup table or determining thatthe even lookup of the second packet address is a miss.
 14. A networkswitch as recited in claim 5, wherein: the first packet includes a firstpacket source address and a first packet destination address, and thesecond packet includes a second packet source address and a secondpacket destination address; and the odd lookup alternates betweensearching for the first packet source address and the first packetdestination address in the odd layer 2 and layer 3 lookup table; and theeven lookup alternates between searching for the second packet sourceaddress and the second packet destination address in the even layer 2and layer 3 lookup table.
 15. A network switch as recited in claim 5,wherein the search engines each include: a first searcher configured tosearch an IP multicast table to determine if the respective packetaddress is contained in either the odd layer 2 and layer 3 lookup tableor the even layer 2 and layer 3 lookup table; and a first forwarderconfigured to forward the first and second packets to a remote CPU ifthe destination address is not contained in the IP multicast table. 16.A network switch as recited in claim 5, wherein the search engines eachinclude: a comparator configured to compare a time-to-live (TTL) valueto a predetermined TTL threshold if the respective packet address isknown; a sender configured to send the respective packet to the CPU ifthe TTL value is below the predetermined TTL threshold; and an obtainerconfigured to obtain a layer 3 port bitmap from an IP multicast table ifthe TTL value is not below the predetermined TTL threshold.
 17. Anetwork switch as recited in claim 5, wherein the search engines eachinclude a switch configured to switch the respective packet to thedestination ports if ports on the layer 3 port bitmap are consideredactive ports for the network switch.
 18. A network switch as recited inclaim 5, wherein the search engines each include: an examiner configuredto examine port filtering bits of the respective packet to determinewhether a first predetermined port filtering value is present; aforwarder configured to forward the respective packet to a selected porton the switch if the first predetermined port filtering value ispresent; and a searcher configured to search a multicast table using adestination key if the first predetermined filtering value is notpresent.
 19. A network switch as recited in claim 5, wherein the searchengines each include: a searcher configured to search an IP multicasttable to determine if the respective packet address is contained ineither the odd layer 2 and layer 3 lookup table or the even layer 2 andlayer 3 lookup table; an obtainer configured to search a port bitmapfrom the IP multicast table if searching the multicast table results ina match; and a forwarder configured to forward the respective packet toports obtained from the port bitmap, when the obtainer obtains the portbitmap from the multicast table.
 20. A network switch as recited inclaim 5, wherein the search engines each include: a searcher configuredto search an IP multicast table to determine if the respective packetaddress is contained in either the odd layer 2 and layer 3 lookup tableor the even layer 2 and layer 3 lookup table; a first examinerconfigured to examine port filtering bits of the respective packet todetermine whether a first predetermined port filtering value is present;a second examiner configured to examine the port filtering bits to seeif a second predetermined port filtering value is present if there isnot a match through the searching of the IP multicast table; a dropperconfigured to drop the respective packet when the second predeterminedport filtering value is present; a obtainer configured to obtain from aVLAN table a destination port bitmap when the second predetermined portfiltering value is not present; and a forwarder configured to forwardthe data packets to ports identified in the destination port bitmap.